One of the first things you do when you set up a WordPress site is work on the colors. It's time to add text and information. But what about WordPress security? Don't allow the fun of setting a site that is new up distract you you're putting online.
The fix hacked wordpress site Codex has an outline of what permissions are okay. File and directory permissions can be changed via an FTP client or within the page from the web host.
There are numerous ways to pull this off, and a lot involve copying and FTPing files, exporting and re-establishing more and databases. Some of these are very complex, so it is imperative that you select the one that is right. Then you might site want to look into using a plugin for WordPress backups if you are not of the persuasion that is technical.
Exploit Scanner goes through the files on your site post, comment and database tables in search of anything suspicious. It notifies you for plugin names. It doesn't remove anything, it simply warns you for potential threats.
You can also create a firewall that blocks hackers. The hacker is prevented by the firewall from coming into your own files. You must have updated version of Apache. Upgrade your PHP as well. It is important that your system is full of upgrades.
Oh . And incidentally, I was talking about plugins. Make sure it's a safe one, when you get a plugin. Do not install any plugin because the owner is saying that plugin can help you do this or that. Use a test blog to look at the plugin, or maybe get a software engineer to examine it carefully. This way you'll know it is not a threat for you or your business.