The how to fix hacked wordpress site Codex has an outline of what permissions are okay. Directory and file permissions can be changed either through an FTP client or within the administrative page from the hosting company.
Use strong passwords - Do what you can to use a strong password, alpha-numeric, with upper and lower case and special characters. Easy to remember passwords are easy to guess!
A snap to move - If, for some reason, you need to relocate your site, such as a domain name change or straight from the source a new hosting company, getting your files at your fingertips can save you oodles of time, headache, and the need for tech help.
You can even get an SSL Encyption Security for your WordPress blogs. The SSL Security makes secure and encrypted communications with your site. So that all transactions are recorded, you may even keep history of communication and the all of the cookies. Be certain that all your sites get SSL security for protection from hackers.
Using a plugin for WordPress security makes sense. WordPress backups need to be performed on a regular basis. Don't become a victim as a result of not being proactive about your site!