Last year and a half educated us that WordPress security should not be dismissed by any means. Between 15% and 20% of the planet's high traffic sites are powered by WordPress. The fact it is an Open Source platform and everyone has access to its Source Code makes it a prey for hackers.
The fix wordpress malware virus Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed through an FTP client or within the page from your web host.
A simple way is to use a few tools. To begin with, do not look at this website allow people run a web host security scan, to list the files in your folders and automatically backup your web hosting account.
A snap to move - If, for some reason, you want to relocate your website, like a domain name change or a new web host, getting your files at your fingertips can save you oodles of time, headache, and the need for tech help.
Can you see that folder, Imagine if you visit WP-Content/plugins? If so, upload that blank Index.html file inside that folder as well so people can not see what plugins you have. Because even if your version of WordPress is up to date, if you are using an old plugin or a plugin using a security hole, then someone can use official website this to get access.
Software: If you have installed free scripts search Google for'wordpress security'. You'll get many tips.