Overall, WordPress is fairly secure, but like any other popular program it is not immune to being compromised.
- Choose a reliable hosting provider.
- Use something other than "Admin" as your username.
- Upgrade WordPress when upgrades are made available. These sometimes include security updates.
- Back up your database regularly. This way, if your site is compromised, you can get it back up and running more quickly.
- Choose carefully when giving others Admin level access to the site.
- Check your file permissions to make sure others don't have write access.
- Store wp-config.php one level above your WordPress directory (when possible) and make sure it can only be read by you and your Web server.
- Check .htaccess to make sure your directory listings aren't browsable.
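
The last three checks in the list can be scripted. The following is an added example, not part of the original page: `audit_wordpress` and its finding names are hypothetical, and it assumes a Unix host running Apache where the web server reads files as owner or group.

```python
import os
import re
import stat
import sys

# Apache directive that turns automatic directory listings off.
NO_INDEXES = re.compile(r"^[ \t]*Options[ \t].*-Indexes\b", re.I | re.M)

def audit_wordpress(wp_dir):
    """Return (check, path) findings for the permission, wp-config.php and .htaccess items."""
    wp_dir = os.path.abspath(wp_dir)
    findings = []

    # File permissions: nothing in the tree should be writable by "others".
    for base, dirs, files in os.walk(wp_dir):
        for name in dirs + files:
            path = os.path.join(base, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                findings.append(("world-writable", path))

    # wp-config.php: WordPress also looks one directory above its own.
    inside = os.path.join(wp_dir, "wp-config.php")
    above = os.path.join(os.path.dirname(wp_dir), "wp-config.php")
    if os.path.isfile(inside):
        findings.append(("config-inside-wordpress-dir", inside))
    config = inside if os.path.isfile(inside) else above
    if not os.path.isfile(config):
        findings.append(("config-not-found", config))
    elif os.stat(config).st_mode & stat.S_IRWXO:
        # Assumption: the web server reads the file as owner or group,
        # so any permission bit for "others" is unnecessary.
        findings.append(("config-open-to-others", config))

    # .htaccess: look for an "Options ... -Indexes" line that is not commented out.
    htaccess = os.path.join(wp_dir, ".htaccess")
    try:
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            listing_off = bool(NO_INDEXES.search(fh.read()))
    except FileNotFoundError:
        listing_off = False
    if not listing_off:
        findings.append(("directory-listing-not-disabled", htaccess))
    return findings

if __name__ == "__main__":
    # Usage: python audit_wp.py /path/to/wordpress (the reader's own install)
    results = audit_wordpress(sys.argv[1] if len(sys.argv) > 1 else ".")
    for check, path in results:
        print(f"{check}: {path}")
    sys.exit(1 if results else 0)
```

A missing `-Indexes` line in `.htaccess` is reported even when listings are disabled in the main server configuration, so treat that finding as a prompt to confirm where the setting lives.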