Okay, you got me: WordPress security isn't the sexiest way to spend your time, but it could end up being one of the most profitable! Nothing is more caustic to the lining of your stomach than having your site go down, and wondering whether or not you've lost it all.
Finally, fix wordpress malware protection will tell you that there's not any htaccess in the wp-admin/ directory. You can put a.htaccess file into this directory if you wish, and you can use it to control access to the directory by IP address or address range. Details of how to do that are available on the net.
A simple way to maintain WordPress safe is to use a few tools that are built-in. First of all, don't allow people run a web host security scan, to list the files in your folders and automatically backup your web hosting account.
I don't think there is a person out there that after learning just how much of a problem WordPress hacking is that it is a good idea. Something I've noticed through the years is that when it comes to securing their sites, bloggers seem to be stuck in this state that is reactive.
You may extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think you can use it for free and this plugin is a fantastic choice.
Those are three things you can do to maintain WordPress secure without plugins. Put a blank Index.html file in your folders, run this post your web host security scan and backup your entire account.