When I was in college, one of my company instructors told us students that one of the biggest hurdles to making money was procrastination.
The clean hacked wordpress site Codex has an outline of what permissions are acceptable. File and directory permissions can be changed via an FTP client or within the page from the hosting company.
A simple way to keep WordPress safe is to use a few tools that are built-in. To begin with, don't allow people run a web host security scan to list the documents in your folders and automatically backup your web hosting account.
One click to find out more thing you can take is to delete the default administrator account. This is critical because if you don't do it, a user name which they could attempt to crack is already known by malicious user.
It's really sexy to fan the flames of fear. That's what journalists and bloggers and politicians and public figures mostly do. It's terrific for readership and it brings money. Balderdash.
Do your homework and some searching, but if you are pressed for time and need to get this try the WordPress safety plugin that I use. It is a relief to know that my website (and company!) are secure.