in this topic of mine im talking about way on how to secure wordpress files/folders from writing malicious files into them.
I recommended changing wp-content and wp-includes folders and files permission.

( Files from 644 to 544
folders from 755 to 555

When this is set no one should be able to write into files and into folders

But Wordpress updates needs writing permissions when adding new files or updating old..

Here is how i needed to change folder permissions for Wordpress updates:
plugins update - wp-content subfolders (from 555 to 755)
wp itself update - wp-content and wp-includes (from 555 to 755)
find /path/to/wp-content -type d -exec chmod 755 {} \;
find /path/to/wp-includes -type d -exec chmod 755 {} \;

so the result is:
- plugins update needs write permission on folders in wp-content
- wordpress itself update needs write permission not only in wp-content subfolders but also wp-includes subfolders
- So i dont needed to assign writing permission to files, only to folders..