To ensure that WordPress websites are secure and safeguarded from attacks, we recommend the following steps:
- Always update and upgrade your WordPress installation and all installed plugins.
- Install WordFence Security or Better WP Security plugin, and follow the steps provided by the plugin. It's free! Just choose one. :)
- Ensure that your admin password is secure and preferably randomly generated.
- Always have a backup of your WordPress site/database.
- Other ways of hardening WordPress can be found here: http://codex.wordpress.org/Hardening_WordPress
A good read about securing your WordPress website here: