I back my blogs frequently using a plugin WP DB Backup up. I will restore my website to the last 13, if anything happens. I use WP Security Scan plugin to scan my blog regularly and requests that are suspicious-looking to be blocked by WordPress Firewall to fix wordpress malware virus.
The approach, and the one I recommend, is to use one of the password creation and storage plugins available for your browser. Many people like RoboForm, but I believe after a free trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate passwords for you; you use one master password to log in.
Should you ever want to migrate your website elsewhere, such as a new web host, you'd be able to pull this Homepage off without a hitch, and also without having to disturb your old site until the new one was set up and ready to roll.
Note that you should try this step for setups. You will also have to change of the table names within the database, if you might like to get it done for installations.
However, I advise that you install the Login LockDown plugin instead of any.htaccess controls. From being allowed after three unsuccessful login attempts from a specific IP address for one hour, login requests will stop. If you do that, you can still get into your panel whilst away from your workplace, and yet you still have good protection against hackers.