WordPress sites are easily hackable, to avoid this you have to update the themes and plugin often. However, if your site is hacked and your .htaccess file is modified in the root.
This is what the default htaccess contents are.
# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress