The fix hacked wordpress Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed via an FTP client or within the administrative page from your hosting company.
It all will start with the basics. Attempt to use complex passwords. Use spaces, numbers, special characters, and letters and combine them to create a password that is unique. You could also use usernames that aren't obvious.
Exclude pages - This plugin provides a checkbox,"include this page in menus", which is checked by default. If you uncheck it, the page will not appear in any listings of webpages (which contains, and blog here is usually limited to, your webpage navigation menus).
What if you visit WP-Content/plugins, can you see that folder? If so, upload that blank Index.html file into that folder as well so people can't view what plugins you have. Because if your version of WordPress is current, if you're using a plugin or an old plugin using a security hole, then someone can use this to get access.
However, I recommend that you install the Login LockDown plugin in try this place of any.htaccess controls. That will stop login requests from being allowed from a certain IP address for one hour. You may still get into your panel whilst and yet you have protection against hackers, if you do that.