The repair hacked wordpress site Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed via an FTP client or within the page from the hosting company.
It all will start with the fundamentals. Try to use complex passwords. Use special characters, numbers, letters, and spaces and combine them to make a unique password. You can use usernames that aren't obvious.
Should you ever wish to migrate your site elsewhere, like a new hosting company, you'd have the ability to pull this off without a hitch, and also without needing to disturb your old site until the new one was in place and ready to roll.
Whitelists pathological-looking phrases and black based on which have a peek at this website area they appear within. (unknown/numeric parameters vs. known post bodies, remark bodies, etc.).
Do your homework and some searching, but if you're pressed for time and want to get this done once and for all, try out the WordPress safety plugin that I use. It is a relief to know that my website (and business!) are secure.