The fix wordpress malware scanner Codex has an outline of what permissions are okay. Directory and file permissions can be changed either through an FTP client or within the page from the web host.
An easy way to maintain WordPress safe would be to use a few tools. First of all, do not allow people to list the files in your folders, run a web host security scan and automatically backup your web hosting account.
Keep your WordPress Setup to date - One of the easiest and most valuable tasks you can do yourself is to ensure that your WordPress installation is updated. WordPress gives you a notice in your dashboard, so there's really no reason.
Along with adding a secret key to your wp-config.php file, also consider altering your user image source password into something that's strong and unique. WordPress will let you know the strength of your password, but include numbers, use letters, and a good idea is to avoid phrases. It's also a click for more good idea to change your password frequently - say once.
Using a plugin for WordPress security makes sense. Backups need to be performed on a regular basis. Don't become a victim of not being proactive about your website here 16, as a result!