The fix wordpress malware scanner Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either through an FTP client or within the page from the hosting company.
Do not depend on your Web host - Many men and women rely on their web host to"do all that technical stuff for me", not realizing that sometimesthey do not! Far better to have the responsibility lie instead of More Help out.
This is quite useful plugin, protecting you against brute-force password-crack additional hints strikes. It keeps track of the IP address of every login attempt. You can configure the plugin to disable login attempts when a certain number of failed attempts is reached.
It is really sexy to fan the flames of fear. That's what journalists and bloggers and politicians and public figures do. It's great for readership and it brings money into the war chests. Balderdash.
However, I advise that you install the Login LockDown plugin in place of any.htaccess controls. From being permitted after three failed login attempts from a specific IP address for an hour, login requests will stop. You may get into your panel whilst away from your workplace, and yet you still have protection against hackers if you do so.