http://codex.wordpress.org/Hardening_WordPress#File_Permissions
/– The root WordPress directory: all files should be writable only by your user account, except .htaccess if you want WordPress to automatically generate rewrite rules for you.
/wp-admin/– The WordPress administration area: all files should be writable only by your user account.
/wp-includes/– The bulk of WordPress application logic: all files should be writable only by your user account.
/wp-content/– User-supplied content: intended to be writable by your user account and the web server process.Within /wp-content/ you will find:
/wp-content/themes/– Theme files. If you want to use the built-in theme editor, all files need to be writable by the web server process. If you do not want to use the built-in theme editor, all files can be writable only by your user account.
/wp-content/plugins/– Plugin files: all files should be writable only by your user account.Other directories that may be present with /wp-content/ should be documented by whichever plugin or theme requires them. Permissions may vary.