It's also important to change admin username and your password if someone needs admin username and your password to login to do the job and will help you. After all the work is finished, IMMEDIATELY change your password and admin username. If the person is trustworthy, someone in their business may not be. Better to be safe than sorry!
Security plugins can be purchased by you to your WordPress blog. There are safety plugins out there that promises optimum security for your blog. One is called fix hacked wordpress Scan. The system is continuously scanned by this plugin . Additionally, it updates the security that new hackers can't penetrate the system.
Should your site's server go down, everything you've worked for will proceed with this. You'll make no sales, get signups or no visitors to your site, until you get the website and in short, you're out of business.
Maintain control of your assets - Nothing is worse than having your livelihood in the hands of somebody visit this page else. Why take chances with something as important as your website?
Can you view that folder, what if you go to WP-Content/plugins? If so, upload that blank Index.html file into that folder as well so people can not view what plugins you have. Because even if your current version of WordPress is up to date, if you are using a plugin or an old plugin with a security hole, then someone can use this to get access.
However, I recommend that you set up the Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being permitted from a certain IP address for an hour after three failed login attempts. You may get into your admin panel whilst away from your workplace, and yet you still have protection against hackers if you do so.