I don't know about you, but I researched to see what others were doing to maintain their blog safe, and when I first secured my WordPress site, I found information that I was confused. And some of the information was in fact on superstitious or the top. People told me rename this folder, to rename this file and install these ten plugins. It appeared to be quite a lot of work and effort.
The secure your wordpress site Codex has an outline of what permissions are okay. Directory and file permissions can be changed through an FTP client or within the page from the web host.
There are numerous ways to pull off this, and many of them involve re-establishing more and databases and FTPing files, exporting and copying. Some of them are very complicated, so it's important that you go for the best one. If you are not of the persuasion that is technical, then you may want to check into using a plugin for WordPress backups.
Move your wp-config.php file basics up one directory from the WordPress root. WordPress will look for it there if it can't be found in the main directory. Additionally, nobody will be able to read the helpful site file unless they've SSH or FTP access.
Imagine if you visit WP-Content/plugins, can you view that folder? If so, upload this blank Index.html file inside that folder as well so people can not view what plugins you might have. Someone can use that to get access because if your current version of WordPress is up to date, if you are using a plugin or an old plugin with a security hole.
Implementing all of the above will take less than an hour to complete, while making your WordPress website more immune to intrusions. Sites were last year, mainly due to preventable safety gaps. Have yourself prepared and you're likely to be on the safe side.