Ultimately, fix wordpress malware protection will inform you that there is no htaccess inside the directory. You may put a.htaccess record in to this directory if you want, and you can use it to manage usage of this wp-admin directory by Ip Address address or address range. Details of how you can do that are plentiful around the internet.
Basically, it will all start with the basics. Attempt to use complex passwords. Use spaces, numbers, special characters, and letters and combine them to make a unique password. You could also use usernames that aren't obvious.
It's a WordPress plugin. They're drop dead simple to install, have all the functions you need for a task like this, and are relatively inexpensive, especially when compared to having to hire someone to have this done for you.
Can you view that folder, Imagine if you visit WP-Content/plugins? If so, upload that blank Index.html file into that folder as well so people can not see what plugins you might have. Because even if your version of WordPress is current, if you are using an old plugin or a plugin using right here a security hole, then someone can use that to get access.
Change admin username and your WordPress password, or at least your password, frequently and collect and use other good WordPress security tips to keep hackers out!