I'm quite surprised/embarressed by file-structure, no htaccess protection

Foreword: Sorry if I address a question that is already solved. If that’s so, then I just didn’t use the right search terms so far on wordpress.org.

Hi!
Just yesterday I installed the current WordPress version.
It’s the first time I tried to use it, and I must say, I had very high expectiations and hopes.

So far I used php-software that in it’s strucute is based on over 10 year old code, code that someone provided me with. (I doubt he wrote it all himslef, but there was no copyright or owner notice in it at all, so I can’t say if it’s based on some available software.)

Fact is: All files in that software that were possibly behind .htaccess (user and password) protection were actually behind such .htaccess protection. (And the software consequently used all security measures in programming, that should be used – and often weren’t used by all the software I heard about in the last over 10 years.)

Now – over ten years later – WordPress, one of the major players in CMS software, simply doesn’t have a suitable structure; a structure that would make it easily to deploy such .htaccess protection.

I’m really embarressed and unpleasently surprised about that.

So my questions are:
1. Is there any suitable guide how to deploy that .htaccess security on a newly installed wordpress, without using plugins?
2. Especially is there an official lis of files that could be put behind .htaccess protection, a list officially by wordpress.org?
Some sort of determined files that will be stable for the coming versions in their function, and could so be build upon; files one could be sure about custom code and settings build upon them will work in the coming one year/six months, regardless which other regular strutcural official updates of wordpress will come.

Sincerely
AB Smith