blends - 10:53 pm on Jul 11, 2013 (gmt 0)
After being hacked over a year ago, I now always CHMOD my index files and any files that won't be dynamically changed or overwritten by wordpress to be unwritable. I also use BulletProof Security and Wordpress Firewall 2.
Seems to have done the trick for me. BulletProof security is pretty solid if set up correctly.