The how to fix hacked wordpress Codex has an outline of what permissions are acceptable. File and directory permissions can be changed either via an FTP client or within the page from your web host.
Safeguard your login credentials - Don't keep your login credentials where they might be found by a hacker. Store them off, as well as offline. Roboform is for protecting them very good , too. Food for thought!
First in line is creating a password to your account. Passwords must be made with Homepage numbers and special characters. You create small plus shifted letters and can combine them. Smarter passwords can be your gateway to zero hackers. Make passwords that are difficult that only you can consider.
Another step to take to make WordPress more secure is to always upgrade WordPress to the latest version. The reason behind this is that there also come fixes for security holes that are old making it essential to update early.
There is another problem you have with WordPress. People always know where they can login and they also could just drop by with your login form and try a different combination of user accounts and passwords outside. In order to stop this from happening you need to install Login Lockdown. It is a plugin that only lets users attempt to login with a wrong password three times. Following that the IP address will be banned from the server for a certain timeframe.