
The how to fix hacked wordpress site Codex has an outline of what permissions are acceptable. File and directory permissions can be changed via an FTP client or within the administrative page from your hosting company.
Do not depend on your internet host - Many people depend on their web host to"do all that technical stuff for me", not realizing that sometimesthey don't! Far better to have the responsibility lie rather than out.
For me it's a WordPress plugin. They are drop dead easy to set up, have all the features you need for a job like this, and are relatively inexpensive, especially when compared to having to hire someone to get this done for you.
Another step to take to make WordPress secure is to upgrade WordPress to the latest version. The reason for this is that there come fixes for security holes that are older which makes it essential to upgrade.
Oh . And incidentally, I was talking about plugins. Make sure it's a secure one, when you get a plugin. Don't install Discover More Here any plugin simply because the owner is saying on his website that plugin can allow you to do this or that. Use a test blog to look at the plugin, or maybe get a software engineer to examine it carefully. This way is not a threat for you or your organization.