rename your login url to secure your wordpress website will even tell you that there is no htaccess in the wp-admin/ directory. You may put a.htaccess file within this directory if you desire, and you can use it to control access to the wp-admin directory or address range. Details of how to do this are easily available on the internet.
I protect an access to important files on the site's server by placing an index.html file in the particular directory, which hides the files out of public view.
A snap to move - If, for some reason, you need to relocate your site, like a domain name change or a new web host, having your files at your fingertips can save you oodles of read time, hassle, and the need for tech help.
Now we are getting into things specific to WordPress. Whenever you install WordPress, you have to edit the file config-sample.php and rename it to config.php. You need to install the database details there.
Those are three very simple things you can do to keep WordPress safe Continue without plugins. Put a blank Index.html file in your folders, run your web host security scan and backup your entire account.