Okay, you got me: WordPress security isn't the sexiest way to spend your time, but it could end up being one of the most profitable! Nothing is more caustic to the lining of your stomach than having your site go down, and wondering whether or not you've lost it all.
The how to fix hacked wordpress site Codex has an outline of what permissions are okay. Directory and file permissions can be changed either via an FTP client or within the page from your web host.
Backup plug-ins is also important. You want to backup database and all the files so in case of a sudden attack, you can easily bring your own site back like nothing happened.
Move your wp-config.php file one directory up from the WordPress root. WordPress will search for it if it can't be found in the root directory. Also, nobody will be able to read the document unless they've SSH or FTP access.
Now we're getting into things specific to WordPress. Whenever you install WordPress, you have to edit the document config-sample.php and rename it to config.php. You need to install the database information there.
There are always going to be risks being online (or even just being alive!) check Also it's easy to get caught up in the fear. We often put the breaks on As soon as we get caught up in the fear. This isn't a reaction that is good. Take some common sense precautions forge ahead. It will need to be addressed then, if something does happen and no amount of quaking in your will have helped. All is good, if nothing does and you have not made yourself ill with worry.