The how to fix hacked wordpress site Codex has an outline of what permissions are okay. File and directory permissions can be changed either via an FTP client or within the administrative page from the hosting company.
Use strong passwords - Do what you can to use a strong password, alpha-numeric. Easy to remember passwords are easy to guess!
It's a WordPress plugin. They are drop dead simple to set up, have all the functions you need for a task such as this, and are relatively inexpensive, especially when compared to having to employ someone to have this done for you.
Install link the WordPress Firewall Plugin. Prevent and this plugin investigates web requests with simple WordPress-specific heuristics to identify attacks that are most obvious.
The plugin should be regularly updated play nice, to remain current with the latest WordPress release and have WordPress and restore capabilities. The ability to clone your website (along with regular copies ) can be helpful if you ever want to do an offline site redesign, among other things.