secure your wordpress site will inform you that there's not any htaccess inside the directory. You can place a.htaccess record in to this directory if you want, and you can use it to handle this wp-admin directory from Ip Address address or address range. Details of how you can do that are plentiful around the net.
Strong passwords - Do your best to use a strong password, alpha-numeric. Easy to remember passwords are also easy to guess!
1 step you can take is to delete the default administrator account. This is important because if you don't do it, a user name that they could try to crack is already known by malicious user.
Take note of your new password! I recommend the free or paid version of the software that is secure *Roboform* to remember your passwords.
The plugin should be regularly updated have WordPress, play nice with your other plugins and to site here stay current with the latest WordPress release and restore capabilities. The ability to clone your site (in addition to regular copies ) can be helpful if you ever need to do an offline site redesign, among other things.