The fix wordpress malware plugin Codex has an outline of what permissions are okay. File and directory permissions can be changed either through an FTP client or within the administrative page from your hosting company.
No software system is resistant to vulnerabilities and bugs. Security holes will be discovered and bad guys will do their best to exploit them. Keeping your software up-to-date is a good way once security holes are found because their products will be fixed by reliable software sellers.
Keeping your WordPress site up-to-date is one see it here of the simplest things you like this can do. For the last few versions, WordPress has included the ability to set up updates. Not only that, but websites are notified whenever a new update becomes available.
Now we are getting into things specific to WordPress. You must rename it to config.php and modify the document config-sample.php, when you install WordPress. You need to deploy the database facts there.
Those are three simple things you can do to maintain WordPress secure without plugins. Set a blank Index.html file in your folders, run your web host security scan and backup your whole account.