The fix wordpress malware protection Codex has an outline of what permissions are okay. File and directory permissions can be changed either via an FTP client or within the administrative page from the web host.
Everything you have worked for will proceed with this should your website's server go down. You'll make no sales, get signups or no traffic to your website, and in short, you are out of business until you get the site back up again.
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely, if you make regular additions and changes to your website. If you have a community of people that are in there all the time, or make changes multiple times every day, a important site backup should be a minimum.
You can even get an SSL Encyption Security to your WordPress blogs. The SSL Security makes encrypted and secure communications with More Help your blog. So that all transactions are recorded, you may keep history of communication and the all of the cookies. Be certain that all your sites get SSL security for protection from hackers.
Change your password, or admin username and your WordPress password and collect and use fantastic WordPress safety tips to keep hackers out!