The fix wordpress malware scanner Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either via an FTP client or within the page from your hosting company.
I protect an access to important files on the blog's server by placing an index.html file in the particular directory, which hides the files from public view.
1 thing you can take is to delete the default administrator account. This is critical because address if you don't do it, malicious user know a user name which they could attempt to crack.
Note that this last step for new installations should only try. You need to image source change all the table names within the database if you might like to do it for existing installations.
Oh . And incidentally, I talked about plugins. When you get a new plugin, make sure it's a secure one. Do not install any plugin because the owner is saying on his site that plugin can help you do this or that. Use get a software engineer to examine it, or perhaps a test blog to check the plugin. This way you'll know it isn't a article source threat for your business or you.