The fix wordpress malware Codex has an outline of what permissions are acceptable. File and directory permissions can be changed through an FTP client or within the page from the hosting company.
A simple way to maintain WordPress safe is to use a few built-in tools. First of all, don't allow people run a web host security scan, to list the documents in your folders and automatically backup your entire web hosting account.
There is a section of config-sample.php that's headed"Authentication Unique Keys." There are. There's a hyperlink inside that section of code. You want to enter that link into your browser, copy the contents which you return, and then replace the keys you have with the unique, pseudo-random keys offered by the site. This makes it harder for attackers to automatically create a"logged-in" cookie for your site.
Now we're getting into things. You must rename it to config.php and alter the file config-sample.php, when you install WordPress. You need to set up the database facts there.
There is another problem you have with WordPress. People always know where Look At This they can login and they could just visit your login form and try a different combination of passwords and user accounts outside. In order to prevent this from happening page you want to install Login Lockdown. It is a plugin that only allows users to attempt to login with a wrong password three times. Following that the IP address will be banned from the server for a certain amount of time.