I had 2 sites hijacked today, one accessed thru wp-includes/update.php and the other thru wp-includes/canonical.php
The help desk at my server datacenter said the permissions were wrong on the folders and the files.
What are the suggested correct permissions for wp folders and files? (Permissions are something I don't totally understand except to know how to chmod them and I know if they aren't right, a lot od stuff doesn't work)
Right now, it seems like most of my sites have folders at 755 and files at 644; is this correct or should they be something different?