The WordPress Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either via an FTP client or from the control panel provided by your web host.
Backup plug-ins are also important. You want to back up the database and all the files so you can bring your blog back like nothing happened.
A snap to move - If, for some reason, you need to relocate your website, like a domain name change or a new web host, having your files at your fingertips can save you oodles of time, headache, and the need for tech help.
Whitelists and blacklists phrases based on which field they appear inside (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
However, I advise that you install the Login LockDown plugin in place of any .htaccess controls. After three unsuccessful login attempts from a certain IP address, login requests from that address will be blocked for an hour. If you do so, you can still get into your admin panel and yet you have protection against hackers.