fix wordpress malware plugin will also tell you that there's no htaccess in the wp-admin/ directory. You can put a.htaccess file if you desire, and you can use it to control access from IP address to the wp-admin directory or address range. Details of how to do that are available on the net.
Also, don't make the mistake of believing that your hosting company will have your back so far as WordPress copies go. Not always. It's been my experience that the hosting company may or may not be doing proper backups while they say they do. Why take that kind of chance?
This is quite useful plugin, the original source protecting you against brute-force password-crack attacks. It keeps here track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts when a certain number of failed attempts is reached.
Note that you should only try this last step for new installations. You'll also have to change the table names within the database if you would like to get it done for installations.
Change your password, frequently, or at least your Click This Link WordPress admin and password username and collect and use other good WordPress security tips to keep hackers out!