Year and a half taught us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the world's high traffic sites are powered by WordPress. The fact it is an Open Source platform and everybody has access to its Source Code makes it a prey for hackers.
secure your wordpress website will tell you that there is no htaccess from the wp-admin/ directory. You can put a.htaccess file within this directory if you desire, and you can use it to control access to the wp-admin directory or address range. Details of how to do that are available on the internet.
Also, don't make the mistake of thinking that your web host will have your back as far as WordPress copies go. Not always. It has been my experience that the hosting company may or may not be doing proper backups, while they say they do. Why take that kind of chance?
Harness Scanner goes through the files on your website database, comment and post tables in search of anything suspicious. Additionally, it informs you for plugin names. It does not remove anything, it simply warns you for threats.
It's really sexy to fan the flames of fear. That's what bloggers and journalists and politicians and public figures do. It's great for go to website readership and it brings money. Balderdash.
There are always going to be risks being online (or even just being alive!) And it's easy to get caught up in the fear. We put the breaks on As soon as we get caught up in the panic. This isn't a response that is fantastic. Simply take some common sense precautions forge ahead. It will have to be dealt with then, if something bad does happen and of quaking in visit your boots 23, no amount will have helped. All is good, if nothing does and you haven't made yourself sick with worry.