Part of securing a WordPress installation is checking up on your file permissions. In order to prevent overwriting by malicious code, limit the permissions to read-only except where necessary.
Here’s a good start:
|Relative Path||Suggested permissions|
I should also mention that I highly recommend WordFence for securing the internal WP system itself.