Being that I am a web developer, you would think I would have looked into this sooner.
The default installation of WordPress is
very, extremely, embarrassingly insecure.
I would think that, given the commonality of Apache installations for web servers these days that WordPress would come with some basic .htaccess installation options. However, this is not the case. So, I did a quick search and came upon a great article from Hackosis that has a lot of great suggestions for .htaccess files that you
can should install if you have a web host that uses Apache.
You can find that website here:
10 Ways to Secure your WordPress Install
If you are unsure what your web host is using then you should ask them. If they don’t know, then you should switch to a different service.