WordPress sites are easily hackable, to avoid this you have to update the themes and plugin often. However, if your site is hacked and your .htaccess file is modified in the  root.

This is what the default htaccess contents are.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress