The fix wordpress malware fix Codex has an outline of what permissions are okay. Directory and file permissions can be changed via an FTP client or within the page from your hosting company.
Essentially, it will all start with the basics. Attempt using passwords. Use letters, numbers, special characters, and spaces and combine them to make a password. You can use usernames that aren't obvious.
One thing you can take is to delete the default administrator account. This is important because if you don't do it, malicious user know a user name that they could attempt to crack.
Now it's time to register for a Facebook accounts that is new and use this person's name and identity. Once I get it all set up, I'll be telling you posing as your friend and asking you to be friends with me on Facebook (or Twitter, or whichever societal try this site site).
Oh . And incidentally, I talked about plugins. Make sure it's a safe one, when you get a plugin. Don't install any plugin because the owner is saying that plugin will allow you to do this or that. Use a test blog to check the plugin, or perhaps get read what he said a software engineer to analyze it. This way you'll know it is not a threat for your business or you.