The how to fix hacked wordpress site Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either via an FTP client or within the page from your hosting company.
Don't depend on your Web host - Many people depend on their web host to"do all that technical stuff for me", not realizing that sometimes, they do not! Far better to have the responsibility lie rather than from your control.
Move your visit the site wp-config.php Related Site file up one directory from the WordPress root. WordPress will look for it if it cannot be found in the main directory. Also, nobody will be able to read the file unless they've SSH or FTP access to your server.
Another step to take to make WordPress more secure is to upgrade WordPress. The main reason behind this is that with each update there come fixes for old security holes making it essential to update early.
The plugin should be updated play nice with your plugins to stay current with the latest WordPress release and have WordPress cloning and restore capabilities. The ability to clone your website (along with regular copies ) can be useful if you ever want to do an offline site redesign, look at this now among other things.