Last year and a half taught us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the world's high traffic sites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a tempting prey for hackers.
The how to fix hacked wordpress site Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed through an FTP client or within the administrative page from the hosting company.
There are many ways to pull this off, and a lot involve re-establishing more and databases and FTPing files, exporting and copying. Some of them are very complicated, so it's imperative that you go for the best one. If you're not of the persuasion that is technical, then you may want to look into using a plugin for WordPress backups.
There's a section of config-sample.php that is headed"Authentication Unique Keys." There are. There's a hyperlink inside that part of code. You want to enter that link in your browser, copy the contents that you return, and then replace the keys you have with the unique, pseudo-random keys provided by the site. This makes it harder for attackers to automatically create a"logged-in" cookie for your site.
It's time to register for a new Facebook account and use identity and this person's name. Once I browse this site get it all set up, I'll be emailing you posing as your friend and asking you to be friends with me on Facebook (or Twitter, or whichever societal site).
Implementing all the above will take less than an hour to complete, while making your WordPress website more resistant to intrusions. Sites were cracked this past year, mainly due to preventable safety gaps. Have yourself prepared and you are likely to be on the Get the facts safe side.