A great guide (updated often) on Wordpress security from the good folks at Securi:
Recent statistics show that over 28% of website administrators across the web use WordPress. Its popularity comes at a price; often targeted by malicious hackers and spammers who seek to leverage insecure websites to their advantage. WordPress security is about risk reduction, not risk elimination. Because there will always be risk, security will remain a continuous process, requiring frequent assessment of these attack vectors.
This guide is intended to educate WordPress administrators on basic security techniques and actionable steps that will help to improve your security posture and reduce the risk of a compromise.