To their credit, the WordPress people are always doing their best to plug security holes and are updating constantly. So your first line of defense is to keep your blogging platform updated.
Medical Tip: To avoid increasing your blood pressure, always be sure to make a backup of your blog before installing any updates. It's a good idea to keep your WordPress backed up regularly anyhow, since any number of things can go wrong.
Another tip is to delete the meta tags that tell the world which version of WP you are using. This info is usually in the header file.
One of the great things about using WordPress is the plugins. While they greatly increase your blog's capabilities, they too contain bugs and vulnerabilities that are exploited by hackers. So be sure to keep them updated also.
It is easy for anyone to see which plugins you are using by visiting the wp-content/plugins folder. To keep potential intruders from finding out the plugins that you use, create an empty ‘index.html’ file and place it in your plugins folder.
It's also a good idea to check your plugin folder and make sure the plugins there are the ones you want. Some hackers, once they get into your files, upload their own plugin. So if you see something that you are not familiar with, delete it.
Here is a free WP plugin that keeps track of the attempts to log in to your site. Many hackers use brute force to try and get your password. So, if there are too many attempts coming from the same IP address within a short period of time, the plugin will disable the login function for that IP range. Login Lockdown: bad-neighborhood.com. Click on Login Lockdown and you will be taken to the download page. Be sure to check out their other plugins.
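
The version meta tag, the index file in the plugins folder and the unfamiliar-plugin check described above can be audited with a short script. This is an added example, not code from the original post or from WordPress; the plugin names, allowlist and sample HTML are constructed, and accepting index.php alongside index.html is an assumption.

```python
import re
import tempfile
from pathlib import Path

META_RE = re.compile(r"<meta\b[^>]*>", re.I)
ATTR_RE = re.compile(r'([\w-]+)\s*=\s*["\']([^"\']*)["\']')
INDEX_FILES = ("index.html", "index.php")  # assumption: either one hides the listing

def find_generator_tag(html):
    """Return the advertised generator string, or None if the tag is absent."""
    for tag in META_RE.findall(html):
        # Parse attributes into a dict so attribute order does not matter.
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag)}
        if attrs.get("name", "").lower() == "generator":
            return attrs.get("content")
    return None

def audit_plugins(plugins_dir, expected):
    """Check a wp-content/plugins folder for an index file and unknown entries."""
    entries = sorted(p.name for p in Path(plugins_dir).iterdir())
    has_index = any(name in INDEX_FILES for name in entries)
    # Anything that is neither the index file nor on the allowlist is unfamiliar.
    unfamiliar = [n for n in entries if n not in INDEX_FILES and n not in expected]
    return {"has_index": has_index, "unfamiliar": unfamiliar}

def demo():
    """Run both checks on constructed sample data (not a real site)."""
    html = '<head><meta content="WordPress 6.0" name="generator" /></head>'
    with tempfile.TemporaryDirectory() as tmp:
        plugins = Path(tmp) / "wp-content" / "plugins"
        # Constructed plugin folders; the last one is not on the allowlist.
        for name in ("contact-form-example", "backup-example", "wp-cache-helper"):
            (plugins / name).mkdir(parents=True)
        report = audit_plugins(
            plugins, expected={"contact-form-example", "backup-example"})
    report["generator"] = find_generator_tag(html)
    return report

if __name__ == "__main__":
    print(demo())
```

Point `audit_plugins` at a copy of your own plugins folder with the list of plugins you installed, and feed `find_generator_tag` the saved HTML of your home page.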