The fix hacked wordpress database Codex has an outline of what permissions are acceptable. File and directory permissions can be changed through an FTP client or within the administrative page from the web host.
Basically, it all will start with the fundamentals. Attempt using complex passwords. Use letters, numbers, special characters, and spaces and combine them to create a password. You could also use usernames that aren't obvious.
You should also set the"Anyone Can Register" in Settings/General this post to off, and you ought to have some sort of spam plugin. Akismet is the one I use, the old standby, but there are many of them nowadays.
Imagine if you go to WP-Content/plugins, can you view that folder? If so, upload that blank Index.html file visite site inside that folder as well so people can not see what plugins you have. Because if your existing version of WordPress is current, if you're using a plugin or an old plugin using a security hole, then someone can use that to get access.
Those are. Put a blank Index.html file in your folders, navigate here run your web host security scan and backup your whole account.