The fix malware problem Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either via an FTP client or within the administrative page from your hosting company.
Don't make the mistake of believing that your hosting company will have your back as far as WordPress copies go. Not find out this here always. It has been my experience that the company may or may not be doing proper backups, while they say that they do. Take that kind of chance?
Keep your WordPress Installation up to find more date - One of the easiest and most valuable tasks you can do yourself is to make sure your WordPress installation is upgraded. WordPress gives a notice in your dashboard to you, so there is really no reason.
Phrases that were whitelists and black based on which field they appear within. (unknown/numeric parameters vs. known post bodies, remark bodies, etc.).
However, I advise that you install the Login LockDown plugin as opposed to any.htaccess controls. That will stops login requests from being permitted from a certain IP-ADDRESS for an hour or so after three unsuccessful login attempts. It sites is still possible to access your admin mobile while and yet you have great protection against hackers, if you accomplish this.