The fix wordpress malware attack Codex has an outline of what permissions are okay. File and directory permissions can be changed through an FTP client or within the page from the hosting company.
The approach, and the one I recommend, is to use one of the password generation and storage plugins available on your browser. I believe after a trial period, you have to pay for it, although RoboForm is liked by Lots of people. I use the free version of Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate secure passwords for you; then you use one master password to log in.
Recently, the blog of Reuters was hacked by an unknown hacker and published a news article that was fake. Their reputation is already ruined because of what the hacker did, since Reuters is a popular news website. The same thing may happen to you if you do not pay attention on the security of your WordPress blog.
Black and phrases look at these guys that were whitelists based on which area they appear within. (unknown/numeric parameters vs. known article bodies, remark bodies, etc.).
Those are. Set a blank Index.html file in your folders, check my source run your web host security scan and backup your whole account.