Most of the Times hackers or Attackers Upload Malware php scripts to sites when 777 (or just enough) permission for folder are present . Due to some application you can change the permission of the folder to secure it . So here is the another way to secure it using .htaccess file.
Please this code in the folder which you have to secure.
Create htaccess file and place below code in it :
Deny from all