The fix malware problem Codex has an outline of what permissions are okay. Directory and file permissions can be changed either via an FTP client or within the page from your web host.
An easy way to maintain WordPress safe would be to use a few tools that are built-in. First of all, do not allow people run a web host security scan, to list the documents in your folders and automatically backup your web hosting account.
There is a section of config-sample.php that is headed"Authentication Unique Keys." There are. There's a hyperlink inside that section of code. You want to enter that link into your browser, copy the contents that you return, and replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically generate a"logged-in" cookie for your site.
Install the WordPress Firewall Plugin. Prevent and this plugin investigates web requests with WordPress-specific heuristics that blog are simple to recognize attacks.
Don't use wp_ as a prefix for your own databases. Most web hosting Learn More providers are removing that default but if yours does not, fix wp_ to anything but that.