The fix wordpress malware removal Codex has an outline of what permissions are okay. Directory and file permissions can be changed through an FTP client or within the page from the hosting company.
After spending a few days and hitting a few spots around town, I eventually find a cafe which offers free, unsecured Wi-Fi and to my pleasure, there are tons of folks sitting around daily connecting their laptops to the"free" Internet services. I sit down and use my handy dandy cracker tool and log . Bear in mind, they are all on a network.
Exploit Scanner goes seeking anything suspicious through the files on your site place, comment and database tables. You are also notified by it for plugin names that are odd. It does not remove anything, it simply warns you for potential threats.
Imagine if you go to WP-Content/plugins, can you see that folder? If so, upload that blank Index.html file inside that folder as well so people can't see what plugins you might have. Because even if your version of WordPress is current, if you're using an old plugin or a plugin with a security hole, then someone can Learn More use this to get access.
Implementing all the above will probably take less than an hour to finish, while making your WordPress site considerably more immune to intrusions. Over 1 million WordPress websites were last year, largely due to preventable security gaps. Have yourself prepared and content you're likely to be on the safe side.