Finally, fix wordpress malware removal will inform you that there's no htaccess within the directory. You may place a.htaccess record into this directory if you would like, and you can use it to handle the wp-admin directory from Ip Address address or address range. Details of how you can do this are plentiful around the net.
Protect your login credentials - Do not keep your login credentials where a hacker might find them. Store them offsite, and even offline. Roboform is very good for protecting them, too. Food for thought!
Yes, you want to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. Definitely if you make regular additions and changes to your website. If you make changes multiple times a day, or have a community of people that are in there all the time, a daily backup should be a minimum.
BACK UP your website and keep a copy on your own computer and storage. Back, For site link those who have a very active site. You spend a lot of money and time on your site, don't skip this! The one solution that does it all is BackupBuddy, no back up database, site link widgets, plugins and your documents. Need to move your site this will do it in less than a few minutes!
Do not use wp_ as a prefix for your databases. That default is being read here eliminated by most web hosting providers now but if yours does not, adjust wp_ to anything else but that.