Additionally, it is important to change admin username and your password if you are helped by someone and needs admin username and your password to login to perform the job. Admin username and your password changes after all the work is finished. Even if the man is trustworthy, someone in their company might not be. Better to be safe than sorry!
Ultimately, secure your wordpress site will also inform you that there is not any htaccess within the directory. You can place a.htaccess record into this directory if you want, and you can use it to manage usage of this wp-admin directory from Ip Address address or address range. Details of how you can do that are plentiful around the net.
An easy way is to use a few tools that are built-in. To begin with, do not allow people run a web host security scan to list the files in your folders and automatically backup your web hosting account.
There's a section of config-sample.php that's headed"Authentication Unique Keys." There are. There's a hyperlink inside that part of code. You want to enter that link in your browser, copy the contents that Discover More you get back, and replace the keys you have with the unique, pseudo-random keys provided by the site. This makes it harder for attackers to automatically generate a"logged-in" cookie for your site.
Make a note of your new password! I recommend the free or paid version of the software that is secure *Roboform* to remember your passwords.
I prefer to use a WordPress plugin to get the work done. Make sure the plugin you select is able to do backups, has restore and can replicate. Also be sure that it is often updated to keep pace with all new versions of WordPress. There's absolutely not any use in not working, and backing up your data to a plugin that's out of date.