The fix wordpress malware Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed through an FTP client or within the page from your web host.
The approach, and the one I personally recommend, is to use one of the creation and storage plugins available on your browser. I believe after a free trial period, you view publisher site need to pay for it, although many people like RoboForm. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate secure passwords for you; you then use one master password to visit log in.
First in line is creating a smarter password for your account. Passwords must be made with special characters and numbers. You create plus altered letters and may combine them. Smarter passwords can be your gateway to zero hackers. Make difficult passwords that you can consider.
BACK UP your website frequently and keep a copy on your computer and off-site storage. Back, if you have a website. additional hints You spend a lot of time and money on your website, don't skip this! The one solution that does it all is BackupBuddy, no back up widgets your documents, plugins and database. Need to move your website to another host, this will do it in under a couple of minutes!
Those are three very simple things you can do to maintain WordPress safe without plugins. Set a blank Index.html file in your folders, run your web host security scan and backup your whole account.