The fix malware problem Codex has an outline of what permissions are acceptable. File and directory permissions can be changed either via an FTP client or within the page from the hosting company.
Protect your login credentials - Do not keep your login credentials where they might be found by a hacker. Store them offsite, and even offline. Roboform is for protecting them very good . Food for thought!
You first must create a new user with administrator rights, before you can delete the default admin account. To do this go to your WordPress Dashboard and click on User -> Create New User. Enter all of the information you will need to enter.
Install the WordPress Firewall Plugin. This plugin investigates web requests with WordPress-specific heuristics that are simple to identify and stop attacks that are obvious.
There is. People always know they could drop by with your login form and where they can login and try outside click here for info a different combination of user accounts and passwords. So as to prevent this from happening you need to set up Login Lockdown. It's a plugin that only allows users to attempt and login with a wrong password three times. After that the IP address will be banned from the server for a certain amount of time.