I have had two WordPress blogs hacked into previously. That was at a time when I was doing virtually no internet advertising, and until I found time to handle the situation (weeks later), these sites were penalized in the major search engines. They were not eliminated, no matter how the ratings were reduced.
The fix wordpress malware fix Codex has an outline of what permissions are acceptable. File and directory permissions can be changed either through an FTP client or within the page from the hosting company.
This is great news as it means that there is a strong community of users and developers that can enhance the platform. However there's a big group of people attempting to achieve something, there will always be people who will attempt to take them down.
A snap to move - If, for some reason, you want to relocate your website, like a domain name change or a new web host, having your files at your fingertips can save you oodles of time, hassle, and the demand for tech help.
What if you go to WP-Content/plugins, can you view that folder? If so, upload this blank Index.html file inside that folder as well so people can't view what plugins you have. Because even if your version of WordPress is current, if you're using a plugin or an old plugin with a security hole, read this post here then someone can use that to get access.
You do not always consider needing security, Whenever your site is new but you do have to protect your investment and yourself. Having a site go down and not being able to restore it quickly may mean a big loss of consumers who won't remember to look for your site later and can not find you. Don't let this happen to you. Back your site up as soon as you get it started, as the website is operational and schedule backups for as long. That way, you will have peace and WordPress security of mind.