The fix wordpress malware plugin Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed through an FTP client or within the administrative page from your web host.
The approach, and the one I recommend, is to use one of the password creation and storage plugins available on your browser. Lots of people like RoboForm, but I think after a trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate secure passwords for you; then you use one master password to log in.
For me it's a WordPress plugin. They're drop dead easy to site here set up, have all the functions you need for a task like this, and are relatively inexpensive, especially when compared to having to hire someone to have this done for you.
Take note of your password! I recommend the free or paid version of the software *Roboform* to remember your passwords.
However, I recommend that you install the Login LockDown plugin in place of any.htaccess controls. Login requests browse around this web-site will stop from being permitted after three unsuccessful login attempts from a certain IP address for one hour. You can access your admin panel whilst away from your workplace, and yet you have protection against hackers, if you do so.