Okay, you got me: WordPress security isn't the sexiest way to spend your time, but it could end up being one of the most profitable! Nothing is more caustic to the lining of your stomach than having your site go down, and wondering whether or not you've lost it all.
Finally, clean hacked wordpress site will tell you that there is not any htaccess in the directory. You can put a.htaccess file if you wish, and you can use it to control access from IP address to the wp-admin directory or address range. Details of how to do that are available on the internet.
There are many ways to pull off this, and many involve view it copying and FTPing files, exporting and re-establishing databases and much more. Some of them are very complex, so it is important that you go for the best one. Then you may want to look into using a plugin for WordPress backups if you're not of the persuasion that is technical.
You should also place the"Anyone Can Register" in Settings/General to away, and you should have some sort of spam plugin. Akismet is the one I use, the old standby, but there are lots of them nowadays.
Security plug-ins that were all-Rounder can be Read Full Report thought of as a security checker that was complete. They give you information about the weaknesses of the site and check and scan the website.
Of course it's possible to install more plugins to make your shop more user friendly like automated backup plugin or share buttons. That's all. Your store is up and running!