The fix wordpress malware plugin Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either through an FTP client or within the administrative page from the hosting company.
There are ways to pull off this, and a lot involve copying and FTPing files, exporting and re-establishing much more and databases. Some of them are very complex, so it is important that you select the one that is right. Then you may want to look into using a plugin for WordPress backups if you're not of the persuasion that is technical.
What is? Out of all the possible choices click reference you can make, which one should you choose and which one is right for you specifically now?
You can extend the plugin features with premium plugins like: Amazon S3 plugin, Members check only plugin, DropShop etc.. I think this plugin is a fantastic option and you can use it.
Oh . And incidentally, I was talking about plugins. Make sure it's a secure one when you get a new plugin. Don't install any plugin just because the owner is saying on his site that plugin can help you do this or that. Use a test blog to look at the plugin, or perhaps get a software engineer to examine it carefully. This way you'll know it click to find out more is not a threat for your business or you.