The how to fix hacked wordpress site Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed through an FTP client or within the page from your hosting company.
No software system is resistant to vulnerabilities and bugs. Security holes will be found and men will do their best to exploit them. Keeping your software up-to-date is a check that good way to stave off attacks, once security holes are found, because their products will be fixed by reliable software vendors.
I don't think there's a person out there that after learning how much of a problem WordPress hacking is that it is a good idea to boost the security of their blogs. However is that when it comes to securing their blogs, bloggers seem to be stuck in this reactive state.
As I (our fictitious Joe the Hacker) know, people have far too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts which all include logins and passwords you need to remember.
Free software: If you have installed scripts that are free like Wordpress, search Google for'wordpress security'. You will get many tips.