By default, the newest version of WordPress is pretty secure. The development team of WordPress has considered anything that might have been added to some rename your login url to secure your wordpress website plugins. Before, WordPress did have holes but most of them are stuffed up.
Also, don't make the mistake of believing that your hosting company will have your back so far as WordPress backups go. Not always. It's been my experience that the hosting company may or might not be doing proper backups, while they say that they do. Take that kind of chance?
Keep control of your assets that are online - Nothing is worse than having your livelihood in somebody else's hands. Why take chances with something as important as your website?
It's time to register for a Facebook accounts and use this individual's name and identity. Once I get it all set up, I'll be emailing you posing as your friend and asking you to be friends with me on Facebook (or Twitter, or whichever social site).
However, I recommend Learn More that you install the Login click for more LockDown plugin in place of any.htaccess controls. From being permitted after three failed login attempts from a specific IP address for one hour login requests will stop. If you do so, you can still get into your admin panel whilst away from your office, and yet you have good protection against Discover More hackers.