The fix wordpress malware Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either through an FTP client or within the page from your hosting company.
Safeguard your login credentials - Don't keep your login credentials where they might be found by a hacker. Store them offsite, as well as this content offline. Roboform is for protecting them very good . Food for thought!
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it there if it cannot be found in the root directory. Also, nobody else will be able to read the file unless they've FTP or SSH access.
Install the WordPress Firewall Plugin. Prevent and this plugin investigates web requests to recognize attacks.
The plugin should be updated to remain current Read Full Report with the latest WordPress release, play nice with your other plugins and have WordPress and restore capabilities. The ability to clone your site (in addition to regular copies ) can be helpful if you ever need to do an offline visit site redesign, among other things.