It's also important to change admin username and your password if you are helped by someone and needs admin username and your password to login to do the work. After all the work is complete, IMMEDIATELY change your password and admin username. Even if the man is trustworthy, someone in their company might not be. Better to be safe than sorry!
Finally, fix wordpress malware fix will tell you that there's no htaccess from the wp-admin/ directory. You may put a.htaccess file into this directory if you wish, and you can use it to control access by IP address to the directory or address range. Details of how to do that are available on the net.
I might find it somewhat more difficult to crack your password if you're among straight from the source the ones that are proactive. But if you're one of those ones, I might get you.
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it there if it cannot be found in the main directory. Additionally, nobody will have the ability to read the document unless they have SSH or FTP access to your server.
BACK UP your website and keep a copy on your own computer and storage. If you have a site that is very active, back up daily. You spend imp source a whole lot of time and money on your site, do not skip this! Is BackupBuddy, no back up plugins, widgets, your files and database. Need to move your site this will do it!
Implementing all the above will my latest blog post take less than an hour to finish, while making your WordPress website more resistant to intrusions. Websites were last year, mainly due to preventable security gaps. Have yourself prepared and you are likely to be on the safe side.