By default, the latest version of WordPress is pretty secure. The development team of WordPress has considered anything that might have been added to some how to fix hacked wordpress site plugins. Before, WordPress did have holes but now most of them are filled up.
Use strong passwords - Do what you can to use a password, alpha-numeric, with upper and lower case and special characters. Easy to remember passwords are also easy to guess!
For me it's a WordPress plugin. They are drop dead easy to install, have all the features you need for a job such as this, and are relatively cheap, especially when compared to having to employ someone to get this done for you.
WordPress is one of the most popular platforms for blogs and websites. While WordPress is pretty secure out of the box, there are always going to be people who wish to make trouble by finding a way to crack into sites or accounts to cause harm or inject hidden spammy Home Page links. That's why it's important to make certain that your WordPress installation is as safe as possible.
However, I advise that you set up the Login LockDown plugin as opposed to any.htaccess controls. That will stops login requests from being permitted from a certain IP-ADDRESS for an hour or so after three unsuccessful login attempts. You can access your cell while and yet you still have protection against hackers if you accomplish that.