The fix hacked wordpress site Codex has an outline of what permissions are okay. File and directory permissions can be changed either through an FTP client or within the page from the hosting company.
This is fantastic news because it means that there is a community of users and developers who could further enhance the platform. However there is a group there will always be people who will attempt to take down them.
This is very useful plugin, protecting you against brute-force password-crack attacks. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts when a certain number of attempts is reached.
Along with adding a secret key to your wp-config.php document, also consider changing your user password into something that's strong and unique. WordPress will let you know the strength of your password, but a good tip is to avoid common phrases, use upper and lowercase letters, and include numbers. It's also a good idea to change your password frequently - recommended you read say once every six months.
Don't use wp_ as a prefix for your own databases. Web hosting providers are eliminating that default but if yours doesn't, adjust wp_ to anything but that.