The fix wordpress malware Codex has an outline of what permissions are okay. File and directory permissions can be changed through an FTP client or within the page from your web host.
There are many ways to pull this off, and a lot of them involve re-establishing more and databases and FTPing files, exporting and copying. Some of these are very complex, so it is imperative that you go for the right one. Then you may want to check into using a plugin for WordPress backups, if you are not of the persuasion.
Fortunately, keeping your WordPress website up-to-date is one of the easiest things you can do. For the past couple of versions, WordPress has included the ability to set up automatic updates. A new upgrade becomes available.
Install the WordPress Firewall Plugin. Stop and this check my site plugin investigates web requests with recommended you read heuristics to recognize most obvious attacks.
I prefer to use a WordPress plugin to get the job done. Just make sure the plugin you choose is in a position to do copies, has restore and can clone. Also be sure that it is frequently updated to keep pace. There's absolutely no use in not functioning, and backing your data up to a plugin that is out of date.