The fix wordpress malware fix Codex has an outline of what permissions are okay. File and directory permissions can be changed either through an FTP client or within the administrative page from the hosting company.
The one I recommend, and the more powerful approach, is to use one of the creation and storage plugins available for your browser. I believe after a trial period, you need to pay for it, although RoboForm is liked by Lots of people. I use the free version of Lastpass, and I recommend it for those of you who use Firefox or Internet Explorer. That will generate secure passwords for you; you use one master password to log in.
In case you ever want to migrate your site elsewhere, such as a new hosting company, you'd have the ability to pull this off without a hitch, and also without needing to disturb your old site until the new one was set up and ready to roll.
Now we are getting into matters. Whenever you install WordPress, you have to edit the file config-sample.php and rename it to config.php. You want to install the database details there.
Software: If you've article source installed scripts search Google for'wordpress security'. You will get many tips on how best to create your WP blog secure.