Finally, repair hacked wordpress site will tell you that there is no htaccess in the directory. You can put a.htaccess file if you desire, and you can use it to control access to the directory or address range. Details of how to do that are readily available on the internet.
Truth is, there is really no way to stop an intrusion if your own website is targeted by a competent master of this script. Everything you are about to read below are a few precautionary actions you can take to quickly minimize the risk to an acceptable level. Chances are a hacker would prefer choosing another, easier victim if your WordPress site is well protected.
It's a WordPress plugin. They're drop dead simple to set up, have all view the functions you need for a job like this, and are relatively inexpensive, especially when compared to having to hire someone to get this done for you.
Now we are getting into things specific to WordPress. You must rename it to config.php and modify the file config-sample.php, when you install WordPress. You will need to deploy the database facts there.
Implementing all the above will take less than an hour to complete, while making your WordPress site more resistant to link intrusions. Sites were cracked last year, mainly due to preventable safety gaps. Have yourself prepared and you are likely to be on the safe side.