The rename your login url to secure your wordpress website Codex has an outline of what permissions are okay. Directory and file permissions can be changed via an FTP client or within the page from your web host.
If you're one of the ones that are proactive, I might find it a little more difficult to crack your password. But if you're among the responsive ones, I might visit this site right here get you.
I don't think there is a person out he has a good point there that after learning just how much of a problem WordPress hacking is that it is a good idea. Something I've noticed through the years is that when it comes to securing their sites, bloggers seem to be stuck in this state that is reactive.
Whitelists pathological-looking phrases and black based on which area they appear within. (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
Do not use wp_ as a prefix for your databases. That default is being eliminated by most web hosting providers now but if yours doesn't, fix wp_ to anything but that.