The fix wordpress malware fix Codex has an outline of what permissions are acceptable. File and directory permissions can be changed either through an FTP client or within the page from your web host.
Strong passwords - Do what you can to use a strong password, alpha-numeric, with upper and lower case and special characters. Easy to remember passwords are easy to guess!
Keep your WordPress Setup to date - One of the easiest and most valuable tasks you can do yourself is to make sure your WordPress installation is updated. WordPress i was reading thiswebsite link gives a notice in your dashboard to you, so there is really no reason.
Imagine if you visit WP-Content/plugins, can you see that folder? If so, upload this blank Index.html file into that folder as well so people can't see what plugins you have. Someone can use that to get access because if your current version of WordPress is current, if you're using a plugin or an old plugin using a security hole.
However, I advise that you set up the Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being permitted after three unsuccessful login attempts from a certain IP address for one hour. You can still access your admin panel while away from your office, and yet you have great protection against hackers, if you do so.