It's also important to change admin username and your password if you are helped by someone with your site and needs admin username and your password to login to do the job. Admin username and your password changes, after all the work is complete. Even if the man is trustworthy, someone in their company might not be. Better to be safe than sorry!
The clean hacked wordpress site Codex has an outline of what permissions are acceptable. File and directory permissions can be changed through an FTP client or within the administrative page from the web host.
Do not depend on your internet host - Many men and women rely on their web host to"do all that technical stuff for me", not realizing that sometimes, they don't! Far better to have the responsibility lie with you, why not try these out instead of out.
Keep control of your online assets - Nothing is worse than getting your livelihood in somebody else's hands. Why take chances with something as important as your website?
You can even get an SSL Encyption Security for your WordPress blogs. The SSL Security makes secure and encrypted communications with your site. So that all transactions are recorded, you may even keep the all of the cookies and history of communication. Make sure all your blogs get SSL security for maximum protection from hackers.
Those are three things you check my reference can do to maintain WordPress secure without plugins. Put a blank Index.html file in your folders, run your web host security scan and this article backup your whole account.