Part of securing a WordPress installation is checking up on your file permissions. In order to prevent overwriting by malicious code, limit the permissions to read-only except where necessary.
Here’s a good start:
| Relative Path | Suggested permissions |
|---|---|
| / | 0755 |
| /wp-admin | 0755 |
| /wp-includes | 0755 |
| /wp-config.php | 0444 |
| /wp-content | 0755 |
| /wp-content/themes | 0755 |
| /wp-content/plugins | 0755 |
| .htaccess | 0444 |
I should also mention that I highly recommend WordFence for securing the internal WP system itself.