The secure your wordpress site Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either through an FTP client or within the administrative page from your web host.
Is also significant. You need to backup all the files and database you can bring your blog back like nothing.
Yes, you This Site need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. Definitely, if you make changes and regular additions to your website. If you have a community of people that are in there all the time, or make changes multiple times a day, a daily backup should be a minimum.
As I (our fictitious Joe the Hacker) know, people have way too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, internet hosting, etc. accounts which all come with logins and passwords you will need to remember.
Those are. Set a blank Index.html file in your folders, run your web host security scan and backup your whole account.