The fix malware problem Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed through an FTP client or within the page from the web host.
Also, don't make the mistake of believing that your web host will have your back so far as WordPress copies go. Not always. It has been my experience that the company may or may not be doing backups while they say that they do. Take that kind of chance?
This is very handy plugin, protecting you against brute-force password-crack strikes. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts when a certain number of failed attempts is reached.
You can also create a firewall visit this site that blocks hackers. The hacker is prevented by the firewall from coming to your own files. You also have to have updated version of Apache. Upgrade your PHP also. It is essential that your system is always full of upgrades.
There is. People always know they also could just visit with your login form and where they can login and try outside a different combination of user accounts and passwords. In order to stop this click to read from happening you need to set up Login Lockdown. It's a plugin that lets users attempt and login with a password three times. After that the IP address will be banned from the server for a certain timeframe.