The how to fix hacked wordpress site Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either through an FTP client or within the administrative page from the web host.
I might find it somewhat more difficult to crack your password, if you're one of the ones that are proactive. But if you're among the ones that are responsive, I might get you.
There's a section of config-sample.php that is headed"Authentication Unique Keys." There are four definitions which appear within the block. There is a hyperlink inside that section of code. You want to enter that link in your browser, copy the contents which you get back, and then replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically generate like it a"logged-in" cookie for your website.
You could get an SSL Encyption Security for your WordPress blogs. The SSL Security makes secure and encrypted communications with your blog. So that all transactions are listed, you can keep history of communication and the all of the cookies. Make sure all your blogs get SSL security for utmost protection.
Do your homework and some searching, but if Learn More Here you are pressed for time and want to get this done once and for all, try the WordPress safety plugin that I use. It is a relief to know that my site (and company!) are secure.