The fix malware problem Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed via an FTP client or within the administrative page from your web host.
I might find it somewhat more difficult to crack your password if you're one of the ones that are proactive. But if you're among the ones, I might best site just get you.
It's a WordPress plugin. They're drop dead simple to set up, have all the functions you need for a task such as this, and are relatively inexpensive, especially when compared to having right here to employ someone to have this done for you.
In addition to adding a secret key to your wp-config.php file, also think about changing your user password to something that's strong and unique. A great tip is to avoid common phrases, use letters, and include amounts, although wordPress will let you know the strength of your password. It's also a good idea to change your password regularly - say once.
Just make sure you choose a plugin that's current with release and the current version of WordPress, and which you may schedule, restore and clone.