You can’t trust from whom you buy shared hosting these days because everyone has a hosting company.
If by any chance your provider isn’t well protected, here is list of thing you can do to protect yourself.
Probably you read somewhere it is important to set strict permissions to database config files like wp-config.php, but why?
Imagine your host has one site that has been hacked into. And your host may be vulnerable to symlink race condition, hacker will probably find you among many other users and go through your files. Then hacker can read database configuration file and mess up with your database.
That is why you should set permissions of wp-config.php (or any other config file) to 0400
This WILL prevent the hacker from reading your database connection information.
Unfortunately if your hosting is really bad and doesn’t even update their kernel versions there may be a possibility that hacker can hack server (gain root permissions) and destroy everything – no matter what you do.
That is why you should always make a backup of your files and database, at least one a week or frequently.
What I recommend is that you look for a hosting that has CloudLinux with CageFS and WAF (Web Application Firewall). This means that hosting company cares about their users data.