I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
Ultimately, fix wordpress malware virus will inform you that there is no htaccess inside the directory. You can place a.htaccess record into this directory if you would like, and you can use it to handle this wp-admin directory by Ip Address address or address range. Details of how you can do this are plentiful around the internet.
Backup plug-ins is also important. You need to backup database and all the files you can easily bring your blog back like nothing.
Recently, an unknown hacker murdered the blog of Reuters and posted a news article. Since Reuters is web a news site, their reputation is ruined because of what the hacker did. Something similar may happen to you in the event you don't pay attention on the security of your WordPress blog.
It's really sexy to fan the flames of fear. That is what bloggers and journalists and politicians and public figures do. It's terrific for readership and it brings money. Balderdash.
However, I recommend that you install the this website Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being allowed after three failed login attempts from a specific IP address for an hour. You can access your admin panel while and yet you still have good protection against hackers, if you do that.