The repair hacked wordpress site Codex has an outline of what permissions are acceptable. File and directory permissions can be changed via an FTP client or within the administrative page from the hosting company.
Protect your login credentials - Don't keep your login credentials where they might be found by a hacker. Store them off, and even offline. Roboform is good for protecting them, too. Food for thought!
Should you ever want to migrate your site elsewhere, such wikipedia reference as a new web host, you'd be able to pull this off without a hitch, and also without having to disturb your old site until the new one was in place and ready to roll.
Now we're getting into things. Whenever you install WordPress, you have to edit the document config-sample.php and rename it to config.php. You need to install the database information there.
Do your homework and some hunting, but if you're pressed for time and want to get this try out the WordPress security plugin that I use. It's a relief to know that my website (and company!) are secure.