Finally, fix hacked wordpress database will tell you that there is no htaccess in the wp-admin/ directory. You can put a.htaccess file if you wish, and you can use it to control access by IP address to the wp-admin directory or address range. Details of how to do that are available on the internet.
The approach, and the one I personally recommend, is to use one of the password generation and storage plugins available for your browser. Lots of people like RoboForm, but I believe after a free trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate passwords for you.
Exploit Scanner goes in search of visit here anything suspicious through the files on your site comment database and place tables. It also notifies you for plugin names. It does not remove anything, it warns you for possible threats.
Note that this step for new installations should try. You need to change the table names inside the database if you might like to get it done for existing installations.
Using a plugin for WordPress security just makes sense. WordPress backups will need to be carried out on a regular basis. Do not become a victim as a result of not being proactive!