The fix malware problems free Codex has an outline of what permissions are okay. Directory and file permissions can be changed either via an FTP client or within the administrative page from your web host.
No software system is resistant to vulnerabilities and bugs. Security holes will be found and bad men will do their best to exploit check these guys out them. Keeping your software read the full info here up-to-date is a fantastic way once security holes are found, because their products will be fixed by software vendors.
You also need to set the"Anyone Can Register" in Settings/General to off, and you ought to have some sort of spam plugin. Akismet is the one I use, the old standby, but there are lots of them nowadays.
So what's the best way? Out of all of the choices that are available right now, which one is right for you personally and which route should you choose?
Don't use wp_ as a prefix for your databases. That default is being eliminated by most web hosting providers now but if yours doesn't, adjust wp_ to anything but that.