The fix wordpress malware attack Codex has an outline of what permissions are okay. Directory and file permissions can be changed either through an FTP client or within the administrative page from your web host.
Also, don't make the mistake of thinking that your hosting company will have your back so far as WordPress backups go. Not always. While they say they do, it has been my experience that the company may or may not be doing proper backups. Take that kind of chance?
You should also place the"Anyone Can Register" in Settings/General to off, and you ought to have some type of spam plugin. Akismet is the old standby, the one I use, but there are many of them these days.
BACK UP your site and keep a copy on your computer and storage. For those who have a very active website, back up every day. You spend a lot of money and time on your site, don't skip this! The one complete solution that does it all is BackupBuddy, no visit this web-site back up widgets your documents, plugins and database. Need to move your site this will do it!
Always keep in mind the security of your blogs depend on how you manage them. Be certain that you follow these tips to avoid exploits and hacks on your own blogs and websites.