Additionally, it is important to change your password and admin username if someone needs your password and admin username to login to perform the job and will help you. Admin username and your password changes after all of the work is finished. If the person is trustworthy, someone in their business might not be. Better to be safe than sorry!
Finally, repair hacked wordpress site will also tell you that there's not any htaccess in the wp-admin/ directory. You can put a.htaccess file into this directory if you wish, and you can use it to control access by IP address to the directory or address range. Details of how to do this are available on the net.
The one I recommend, and the stronger approach, is to use one of the password creation and storage plugins available on your browser. I think after a free trial period, you need to pay for it, although many people like RoboForm. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate secure passwords for you.
1 step you can take is to delete the default administrator account. This is critical because if you don't do it, a user name that they could attempt to crack is known by malicious user.
As I (our untrue Joe the Hacker) know, people have far too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, dig this web hosting, etc. accounts which all come with logins and passwords you need to remember.
However, I advise that you install the Login LockDown plugin a fantastic read as opposed to any.htaccess controls. That will stops login requests from being allowed from a for an hour or so after three failed login attempts. You can access your cell while and yet you have good protection against hackers, if you accomplish that.