Overall WordPress is fairly secure, but like any other popular program it is not immune to being compromised.

Security Tips
  1. Choose a reliable hosting provider.
  2. Use something other than "Admin" as your username.
  3. Upgrade WordPress when upgrades are made available. These sometimes include security updates.
  4. Back-up your database regularly. This way if your site is compromised you can get it back up and running more quickly.
  5. Choose carefully when giving others Admin level access to the site.
  6. Check your file permissions to make sure others don't have write access.
  7. Store wp-config.php one level above your WordPress directory (when possible) and make sure it can only be read by you and your Web server.
  8. Check .htaccess to make sure your directory listings aren't browsable.
WordPress Security Resources