The fix wordpress malware attack Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed via an FTP client or within the administrative page from your hosting company.
Use strong passwords - Do what you can to use a strong password, alpha-numeric, with upper and lower case and special characters. Easy to remember passwords are easy to guess!
Move your wp-config.php file up one directory from the WordPress root. WordPress go to my site will look for it if it cannot be found in the main directory. Also, nobody will be able to read the document unless they have FTP or SSH access.
Safety plug-ins can be thought of as a security checker. They scan and check the entire website and page give you information about the weaknesses of the site.
Just ensure that you can schedule, and you decide on a plugin that's up to date with release and the version of WordPress, restore and replicate.