Okay, you got me: WordPress security isn't the sexiest way to spend your time, but it could end up being one of the most profitable! Nothing is more caustic to the lining of your stomach than having your site go down, and wondering whether or not you've lost it all.
The how to fix hacked wordpress site Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either through an FTP client or within the page from the web host.
It will start with the fundamentals. Try using complex passwords. Use spaces, numbers, special characters, and letters and combine them to create a password. You could also use usernames that are not obvious.
For me it's a WordPress plugin. They're drop dead simple to set up, have all the features you need for a job such as see this, and are relatively cheap, especially when compared to having to hire someone to get this done for you.
You may extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think this plugin is a fantastic choice and you can use it for free.
Do your homework and some searching, but if you are pressed for time and want to get this try out the WordPress security plugin that I use. It is a relief to know that my website (and company!) are secure.