I don't know about you, but I researched to see what others were doing to keep their blog safe, and when I first secured my WordPress site, I found information I was confused. And some of the information was in fact over superstitious or the top. People told me to rename this file, rename this folder and set up these ten plugins. It seemed to be a lot of work and effort.
The fix wordpress malware scanner Codex has an outline of what permissions are okay. Directory and file permissions can be changed through an FTP client or within the administrative page from the hosting company.
I protect an access to important files on the site's server by placing an index.html file in the particular directory, that hides the files from public view.
Move your wp-config.php file up one directory from the WordPress root. WordPress will look for it there if it can't be found in the main directory. Also, nobody will have the ability to read the file unless they've SSH or FTP access to your server.
Can you see that folder, Imagine if you go to WP-Content/plugins? If so, upload this blank Index.html file into that folder as well so people can't see what plugins you have. Because even if your existing version of WordPress is up to date, if pop over here you're using a plugin or an old plugin using a security hole, someone can use that to get access.
Of course it's possible to install more plugins to make your shop like share buttons or automatic plugin. That's all. Your shop is up and running!