You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
The fix wordpress malware cleanup Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either through an FTP client or within the administrative page from your hosting company.
Use strong passwords - Do your best to use a strong password, alpha-numeric. Easy to remember passwords are easy to guess!
Maintain control of your assets - Nothing is worse than getting your livelihood in the hands of someone else. Why take chances with something as important as your website?
Along with adding a secret key to your wp-config.php document, use this link also consider altering your user password to something that's strong and unique. WordPress will tell you the strength of your password, but include amounts, use letters, and a great check my source tip is to avoid phrases. It's also a good idea to change your password regularly - say once every six months.
There is another problem you have with WordPress. People always know additionally they try these out could drop by your login form and where they can login and try out a different combination of user accounts and passwords. So as to stop this from happening you want to set up Login Lockdown. It is a plugin that allows users to attempt and login with a password three times. Following that the IP address will be banned from the server for a specific timeframe.