The fix wordpress malware attack Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed via an FTP client or within the page from your hosting company.
Hackers don't have the power once you got all these lined up for your own security, to come to a WordPress blog. You definitely can have a safe WordPress account that provides you big bucks from affiliate marketing.
Harness Scanner goes through the files on your website place, comment and database tables. You are also notified by it for plugin names Learn More Here that are unusual. It doesn't remove anything, it simply warns you for possible threats.
It's really sexy to fan the flames of fear. That is what Discover More bloggers and journalists and politicians and public figures do. It's great for readership and link it brings money. Balderdash.
However, I advise that you install the Login LockDown plugin instead of any.htaccess controls. That will stop login requests from being allowed from a certain IP address for an hour. You can still get into your panel while and yet you have protection against hackers if you do that.