I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
The fix wordpress malware removal Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed through an FTP client or within the administrative page from your hosting company.
The one I personally recommend, and the approach, is to use one of the creation and storage plugins available on your browser. I believe after a trial period, you have to pay for it, although people like RoboForm. wikipedia reference I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate secure passwords for you; then you use one master password to log in.
You should also set the"Anyone Can Register" in Settings/General to off, and you ought to have some sort of spam plugin. Akismet is the one I use, the old standby, but there are many of them nowadays.
BACK UP your site frequently and keep a copy on your own computer and storage. For those who have a very active site, back up daily. You spend a whole lot of money and time on your site, don't skip this! Is BackupBuddy, no other plug-ins back up plugins, widgets, your files and database. Need to move your site this will do it in less than a couple of minutes!
Do your homework and some searching, but if you're pressed for time and want to get this try out the WordPress security plugin that I use. It's a relief to know that my website my blog (and business!) are secure.