The fix wordpress malware removal Codex has an outline of what permissions are acceptable. File and directory permissions can be changed via an FTP client or within the administrative page from your web host.
Don't make the mistake of believing that your web host will have your back so far as WordPress copies go. Not always. While they say they do, it has been my experience that the company may you can look here or may not be doing proper my explanation backups. Take that kind of chance?
While it's an odd term, it represents a task that is essential : making a WordPress backup of your site to work on offline, or in the event something should go amiss. We are not only being obsessive-compulsive here: servers go down every day, despite their promises of 99.9% uptime, and if you've had this happen to you, you understand the panic is it can cause.
You can make a firewall that blocks hackers. From coming into your own files, the hacker is prevented by the firewall. You must also have updated version of Apache. Upgrade your PHP. It's essential that your system is full of upgrades.
Implementing all the above will take less than an hour to finish, while making your WordPress site more immune to intrusions. Websites were cracked this past year, mainly due to easily preventable safety gaps. Have yourself prepared and you're likely to be on the safe side.