There are a small but increasing number of posts where people are seeing things on their site like popups for various things.
It is VERY likely that the people who did this have managed to do so because of the directory and file permissions that you have set. You MUST get this right to avoid this situation.
Directories should have, at most, permissions of 755. If you have a directory that is 777 then that can be written to.
Files should be, at most, 664. If you use the WP editor, you might need these files to be 666 but you really should revert them back to 664 after making any changes. You must never ever have ANY file at permissions greater than 666 unless you are directed specifically to do so.
Some hosts will only allow you to upload images (using WP) if the images folder is 777. That leaves your site at a certain level of risk. Email them and check what the minimum permissions are. Despite what they first say, this is NOT a WP issue - it's a security issue.
If your host insists that 777 is the only number, start looking for another host. 755 can be done by hosts (my directories are all 755) that take security seriously.
Please add anything else here !