Finally, clean hacked wordpress site will also inform you that there's no htaccess within the directory. You can place a.htaccess record in to this directory if you want, and you can use it to handle the wp-admin directory by Ip Address address or address range. Details of how you can do that are plentiful around the net.
I protect an access to important files on the site's server by putting an index.html file in the particular directory, that hides the files out of public view.
Keeping your WordPress website up-to-date is one of the simplest things you can do. For the last few versions, the ability to install updates has been included by WordPress. Not only that, but sites are notified whenever a new update becomes available.
Note that you should try this step for new installations. You'll also need to change the table names inside the database, if you would like to do it for existing installations.
Do your homework and some searching, but if you're pressed for time and need anchor to get this done once and for all, try out the WordPress security plugin that I use. It is a relief to know that my website (and view company!) are secure.