The how to fix hacked wordpress Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed via an FTP client or within the page from your web host.
Truth is, if your own site is targeted by a competent master of the script, there is no way. What you are about to read below are some measures you can take to quickly minimize the threat to an acceptable level. If your WordPress site is well protected odds are a hacker would prefer picking easier victim, another.
So what is the solution you should pick? Out of all of the options you can make, which one should you choose and which one is right for you at the moment?
You could even get an SSL Encyption Security for your WordPress blogs. The SSL Security makes secure and encrypted communications with your site. You can keep the all the cookies and history of communication so that all transactions are listed. Be certain that all your blogs get SSL security for maximum protection.
However, I recommend that you install the Login LockDown plugin instead of any.htaccess controls. Login check out this site requests will stop from being allowed after three unsuccessful login attempts from a certain IP address for an hour. If you do so, you can still access your admin panel whilst away from your office, and yet you have good protection against hackers.