The fix hacked wordpress database Codex has an outline of what permissions are acceptable. File and directory permissions can be changed either through an FTP client or within the administrative page from your hosting company.
Protect your login credentials - Do not keep your login credentials where a hacker might find them. Store them off, as well as offline. Roboform is very good for protecting them. Food for thought!
Recently, the blog of Reuters was hacked by an unknown hacker and posted a news article that was fake. Their reputation is ruined due to what the hacker did, since Reuters is a next news site. Something similar may happen to you if you do not pay attention.
Note that you should try this step for new installations. You need to change the table names within the database if you might like to get it done for installations.
Oh . And incidentally, I was talking about plugins. Make sure it's a safe one when you get a new you can try this out plugin. Don't install any plugin because the owner is saying on his site that plugin will allow you to do this or that. Use maybe, or a test site to check the plugin get a software engineer to analyze it carefully. This way you'll know it isn't a threat for your organization or you.