The fix wordpress malware scanner Codex has an outline of what permissions are okay. File and directory permissions can be changed either through an FTP client or within the administrative page from your web host.
Safeguard your login credentials - Do not keep your login credentials where a hacker could locate them. Store them offsite, as well as offline. Roboform is good for protecting them. Food for thought!
Keep control of your assets that are online - Nothing is worse than getting your livelihood in someone about his else's hands. Why take chances with something as important as your website?
You could also get an SSL Encyption Security for your WordPress blogs. The SSL Security makes secure and encrypted communications with your blog. You can also keep history of communication and the all the cookies so that all transactions are listed. Be certain that all your sites get SSL security for utmost protection.
The plugin should be updated have WordPress, play nice with all your plugins and to stay current with the latest WordPress release and restore capabilities. The ability to clone your site (in addition to regular backups) can be helpful if you ever want to do an offline website redesign, among other things.