The fix wordpress malware virus Codex has an outline of what permissions are okay. Directory and file permissions can be changed through an FTP client or within the administrative page from the hosting company.
Safeguard your login credentials - Do not keep your login credentials where they might be found by a hacker. Store them off, and even offline. Roboform is very good for protecting them, also. Food for thought!
There's a section of config-sample.php that's headed"Authentication Unique Keys." There are. A hyperlink is inside that section of code. You need to enter that link in your browser, copy the contents which you return, and replace the keys you have with the unique, pseudo-random keys offered by the website. This makes it harder for attackers to automatically generate a"logged-in" cookie for your website.
Note that you should try this last step for setups. If you might like to do it you'll also need to change all of the table names inside the database.
There is. People always know they could visit your login form and where they can login and try a different combination of user accounts and passwords out. So as to stop this from visit here happening you want to install Login Lockdown. It's a plugin that lets users attempt to login with a wrong password three times. After that the IP address will be banned from the server for a specific timeframe.