The fix wordpress malware attack Codex has an outline of what permissions are okay. Directory and file permissions can be changed via an FTP client or within the page from the web host.
No software system is resistant to vulnerabilities and bugs. Security holes will be discovered and guys will do their best to exploit them. Keeping your software up-to-date is a fantastic way because reliable software sellers will fix their products once security holes are found.
Is to delete the default administrator account. This is important because if you don't do it, a user name that they could attempt to crack is known by malicious user.
Can you see that folder what if you visit WP-Content/plugins? If so, upload that blank Index.html file into that folder as well so people can not see what plugins you have. Because if your existing version of published here WordPress anchor is current, if you are using a plugin or an old plugin using a security hole, then someone can use this to get access.
Of course you can install more plugins to make your store more user-friendly like automatic plugin or share buttons. That's all. Your shop is now up and running!