The how to fix hacked wordpress Codex has an outline of what permissions are acceptable. File and directory permissions can be changed via an FTP client or within the page from the web host.
The one I personally recommend, and the stronger approach, is to use one of the password creation and storage plugins available on your browser. I think after a free trial period, you need to pay for it, although people like RoboForm. I use why not check here the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate secure passwords for you; then you use one master password to log in.
So what is the ideal solution you should pick? Out of all of the options you can make, which web one should you choose and which one is right find out this here for you specifically now?
Install the WordPress Firewall Plugin. Prevent and this plugin investigates web requests to identify attacks that are obvious.
However, I advise that you set up the Login LockDown plugin in place of any.htaccess controls. This will stop login requests from being allowed from a specific IP address for one hour. You can still get into your admin panel whilst away from your office, and yet you still have great protection against hackers, if you do that.