clean hacked wordpress site will tell you that there is not any htaccess in the directory. You can put a.htaccess file into this directory if you wish, and you can use it to control access to the directory or address range. Details of how to do that are available on the internet.
Don't make the mistake of thinking that your hosting company will have your back as far as WordPress redirected here copies go. Not always. It has been my experience that the hosting company may or might not be dig this doing proper backups while they say they do. Why take that kind of chance?
First in line is currently creating a password to your account. Passwords must be made with characters and numbers. You may combine them and create plus shifted letters. Smarter passwords can be your gateway to zero hackers. Make passwords that are difficult that only you can think of.
Another step to take to make WordPress secure is to upgrade WordPress to the latest version. The main reason for this is that there also come fixes for security holes making it essential to update.
Do not use wp_. Web hosting providers are currently removing that default but if yours does not, adjust wp_ to anything else but that.