The fix wordpress malware Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either via an FTP client or within the page from your hosting company.
The one I recommend, and the approach, is to use one of the password generation and storage plugins available for your browser. RoboForm is liked by people, but I think after a free trial period, you need to pay for it. I use the free version of Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate passwords for you; you then use one find this master password to log in.
Maintain control of your assets that are online - Nothing is worse than having your livelihood in the hands of somebody else. Why take chances with something as important as your website?
Now we are getting into matters. Whenever you install WordPress, you need to edit the file config-sample.php and rename it to config.php. You need to install the database information there.
There is. People know you could try here additionally they could just drop by your login form and where they can login and try a different combination of passwords and user accounts outside. So as to stop this from happening you want to install Login Lockdown. It's a plugin that lets users attempt and login with a wrong password three times. Following that the IP address will be banned from the server for a specific amount of time.