The secure your wordpress site Codex has an outline of what permissions are acceptable. File and directory permissions can be changed via an FTP client or within the page from your web host.
I protect an access to important files on the blog's server by placing an index.html file in the particular directory, that hides the files from public view.
Recently, an unknown hacker company website murdered the blog of Reuters and posted a news article. Their reputation is already ruined due to what the hacker did since Reuters is a news website. The same thing may happen to you if you do not pay attention.
Note that you should try this step for setups. You will also have to change all of the table names within the database if you would like to get it done for existing installations.
These are only some. Great thing is that they don't require much time to do. These are also options, which can be done.