The rename your login url to secure your wordpress website Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either through an FTP client or within the page from the web host.
If you're one of the ones that are proactive, I might find it a little harder to crack your password. But if you're among the ones that are reactive, I might just get you.
Maintain control of your online assets - Nothing is worse than getting your livelihood in the hands of someone else. Why take chances with something as important as your website?
You can also create a firewall that blocks hackers. From coming to your own files, the firewall prevents the hacker. You also have to have updated version of Apache. Upgrade your PHP as well. It is essential that your system is full of upgrades.
There is another problem you have with WordPress. People always know additionally they could visit your login form and where they can login and try a different combination of user accounts and get more passwords out. In order to prevent this from happening you could try these out you want to set up Login Lockdown. It's a plugin that allows users to attempt to login with a password three times. After that the IP address will be banned from the server for a specific amount of time.