The how to fix hacked wordpress Codex has an outline of what permissions are acceptable. File and directory permissions can be changed either via an FTP client or within the page from the hosting company.
No software system is immune to vulnerabilities and bugs. Security holes will be discovered and men will do their best to exploit them. Keeping your software up-to-date is a good way once security holes are found because their products will be fixed by software vendors.
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely, if you make changes and additions to your website. If you have a community of people which are in there all the time, or make changes multiple times every day, a daily backup should be a minimum.
WordPress is one of the platforms for sites and sites. While WordPress is pretty secure out of the box, there are always going to be individuals who want to create trouble by finding link a way to split into sites or accounts to cause harm or inject hidden spammy links. That is why it's essential to be certain that your WordPress installation is as safe as possible.
Just ensure you choose a plugin that is current with the current version and release of WordPress, and that a knockout post you may schedule, restore and clone.