The fix wordpress malware cleanup Codex has an outline of what permissions are acceptable. File and directory permissions can be changed either through an FTP client or within the page from your web host.
You can look for software that will backup your database and files. You can easily restore your site by means of your backup More Help files and change if hackers suddenly hack your site.
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it there if it can't be found in the root directory. Additionally, nobody will be able to read the document unless they have FTP or SSH access to your server.
Install the WordPress Firewall Plugin. This plugin investigates web requests to identify and prevent most obvious attacks.
Free software: If you've installed free scripts search Google for'wordpress security'. You will get tips.