The fix wordpress malware protection Codex has an outline of what permissions are okay. Directory and file permissions can be changed either via an FTP client or within the page from the web host.
The one I recommend, and the stronger approach, is to use one of the generation and storage plugins available on your browser. I think after a trial period, you have to pay for it, although Lots of people like RoboForm. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate secure passwords helpful hints for you.
There's a section of config-sample.php that's headed"Authentication Unique Keys." There are. There's a hyperlink inside that section of code. You want to enter that link into your browser, copy the contents which you get back, and replace the keys you have with the unique, pseudo-random keys offered by the site. This makes it harder for attackers to automatically create a"logged-in" cookie for your site.
Now it's time to sign up for a new Facebook account and use this person's name other and identity to pose as your friend. After I get it all set up, I'll be telling you posing as your friend and asking you to be friends with me on Facebook (or Twitter, or whichever societal site).
Just make sure that you may schedule, and you decide on a plugin that's up to date with the version and release of WordPress, restore and clone.