By default, the newest version of WordPress is pretty darn secure. Anything that might have been added to some fix wordpress malware removal plugins has been considered by the development team of WordPress . In the past , WordPress did have holes but now most of them are filled up.
This is fantastic news because it means that there is a strong community of developers and users that can further enhance the platform. However, whenever there's a group there will always be people who will attempt to take down them.
Recently, an unknown hacker hacked the site of Reuters and posted a fake news article. Their reputation is already ruined due to what the hacker did since Reuters is a popular news site. The same thing may happen to you in the event you don't pay attention on the security of your WordPress blog.
Can you view web link that folder what if you visit WP-Content/plugins? If so, upload that blank Index.html file into that folder as well so people can not view what plugins you might have. Because even if your version of WordPress is up to date, if you're using a plugin or an old plugin with a security hole, then someone can use this to get access.
However, I advise that you install the Login LockDown plugin in place of any.htaccess controls. That will stop login requests from being permitted from a certain IP address for an hour. If you do that, you may still get into your admin panel whilst away from your office, and yet you still have great protection against hackers.