The fix wordpress malware fix Codex has an outline of what permissions are okay. Directory and file permissions can be changed through an FTP client or within the administrative page from the hosting company.
After spending a few days and hitting several spots around town, I eventually find a cafe which offers free, unsecured Wi-Fi and to my pleasure, there are tons of folks sitting around daily connecting their laptops to the"free" Internet service. I use my handy dandy cracker tool that is Wi-Fi and sit down and log myself into people's computers. Remember, they are all on a network that is shared.
While it's an odd term, it represents a task that is necessary : making a WordPress copy of your site to work on offline, or in case something should go amiss. We're not only being obsessive-compulsive here: servers go down every day, despite their promises of 99.9% uptime, and if you've had this happen to you, you understand the fear is it can cause.
You could get an SSL Encyption Security for your WordPress blogs. The SSL Security makes encrypted and secure communications with your blog. So that all transactions are recorded, you can also keep history of communication and the all of the cookies. Make sure that all your blogs get SSL security for maximum protection from hackers.
However, I recommend that you install the Login explanation LockDown plugin instead of any.htaccess controls. From being permitted after three unsuccessful login attempts from a certain IP address for an hour login requests will stop. You can get into your admin panel while and yet you have protection against hackers if you do that.