The clean hacked wordpress site Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed via an FTP client or within the page from your web host.
You can search. If hackers abruptly hack your site, you can easily restore your website by means of your files and change.
You must create a user with administrator rights before you can delete the default admin account. To do this go to your WordPress Dashboard and click on User -> Create New User. Then enter all the information you will need to enter.
Install the WordPress Firewall Plugin. This plugin investigates web requests to identify and stop attacks that are obvious.
Oh . And by the way, I was talking about plugins. Make sure it's a safe one, when you get a new plugin. Don't install my response any plugin because the owner is saying on his site that plugin will help you do this or that. Maybe use a test site to check the plugin, or maybe get a software engineer to analyze it carefully. This way is not a threat for your business or you.