The secure your wordpress website Codex has an outline of what permissions are okay. File and directory permissions can be changed either via an FTP client or within the administrative page from your hosting company.
Do not depend on your internet host - Many people depend on their web host to"do all that technical stuff for me", not realizing that sometimes, they don't! Far better to have the responsibility lie with you, rather than out.
You should also place the"Anyone Can Register" in Settings/General to away, and you should have some type of spam plugin. Akismet is the old standby, the one I use, but there are lots of them nowadays.
Now we're getting into things specific to WordPress. You must rename it to config.php and modify the document config-sample.php, when you install WordPress. You need to set up the database facts there.
Do your homework and some searching, but if you're pressed for time and need to get this done once and for all, try the WordPress security plugin that I why not try here use. It's a relief to know that my website (and company!) are secure.