I've had two WordPress blogs. That was in a time when I was doing almost no internet advertising, and until I found time to handle the situation (weeks later), these sites were penalized at the major search engines. They were not eliminated, however the ratings were reduced.
The secure your wordpress website Codex has an outline of what permissions are acceptable. File and directory permissions can be changed through an FTP client or within the page from your web host.
The one I personally recommend, and the approach, is to use one of the creation and storage plugins available for your browser. RoboForm is liked by people, but I think after a free trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those of you who use Firefox or Internet Explorer. That will generate passwords for you; you use one master password to log in.
It's a WordPress plugin. They are drop dead easy to set up, have all the features you need for a task such as this, and are relatively inexpensive, especially when compared to having to hire someone to get this done for you.
As I (our over at this website fictitious Joe the Hacker) know, people have far too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts that all come with logins and passwords you need to remember.
Implementing all the above will take less than an hour to complete, while making your WordPress site considerably more resistant to intrusions. Websites were this past year, largely due to preventable safety gaps. Have yourself prepared and you're likely to be on the safe side.