The fix wordpress malware protection Codex has an outline of what permissions are okay. File and directory permissions can be changed via an FTP client or within the administrative page from the hosting company.
Strong passwords - Do what you can to use a strong password, alpha-numeric. Easy to remember passwords are also easy to guess!
You must create a user with administrator rights, before you can delete the default admin account. To do this go to your WordPress Dashboard and click on User -> Create New User. Enter all of the information you will need to enter.
Can you see that folder Imagine if you go to WP-Content/plugins? If so, upload that blank Index.html file inside that folder as well so people can't see what plugins you might have. Because if your version of WordPress is up to date, if you're using a plugin or an old plugin with a security hole, someone can use this to get my blog access.
There are always going to be risks being online (or even just being alive!) And it's easy to get caught up in the fear. As soon as we get caught up in the panic, we often put the breaks on. This isn't a good reaction. Just take some common sense precautions forge ahead. It will need to be addressed then, if something bad does happen and of quaking in your boots 23, no amount will visit our website have helped. If nothing find this does, all is good and you have not made yourself ill.