The fix wordpress malware Codex has an outline of what permissions are okay. Directory and file permissions can be changed either via an FTP client or within the administrative page from the web host.
Truth is, if your own site is targeted by a capable master of the script, there is no way. Everything you are about to read below are a few precautionary measures you can take to quickly minimize the risk to try this web-site an acceptable degree. Odds are a hacker would prefer choosing easier victim, another, if your WordPress site is well protected.
Move your wp-config.php file up one directory from the WordPress root. WordPress will search for it if it cannot be found in the root directory. Also, nobody will have the ability to read this website the document unless they have FTP or SSH access to your server.
Note that here are the findings you should try this step for setups. You need to change the table names inside the database, if you might like to get it done for existing installations.
Implementing all the above will probably take less than an hour to finish, while making your WordPress site considerably more resistant to intrusions. Sites were cracked this past year, mainly due to easily preventable safety gaps. Have yourself prepared and you're likely to be on the safe side.