Prevent your WordPress Blog From Hackers

Posted by Junaid July 19, 2010


16 ways to prevent your WordPress Blog being hacked!
If you are a webmaster you will know the trouble you have to go through to keep your website secured and prevent it from being hacked. Well, in most cases it is either the base script itself which has loopholes or the additional plugins installed. WordPress being the most widely used blogging script (which we too use for our blog), I have been trying to find some effective ways of thwarting such attacks.
On this note, I must appreciate the work the WordPress developers are doing. No doubt they are doing a superb job, but they need to pay attention to certain aspects.
Here are a few things that I came up with:

Update
Running the most current version of WordPress is probably the most important step. Also, be sure to keep your plug-ins updated as well.

Scan all your folders
Look through what files are present and keep an eye out for anything suspicious. Check your WordPress files against a fresh download to make sure they line up.

Scan all your permissions
With rare exceptions, most files should be kept at chmod 644 and folders at chmod 755.
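The two checks above (unexpected or altered files, and files or folders that deviate from 644/755) can be scripted. The following is an added example, not code from the original post; it assumes a clean reference copy of the same WordPress version has been unpacked locally, and the paths passed in are placeholders.

```shell
#!/bin/sh
# Added audit helper (not part of the original post).
# Assumes: INSTALL is the live WordPress directory and REF is a freshly
# downloaded, unmodified copy of the same WordPress version.

# Print every file under $1 whose mode is not 644 and every directory
# whose mode is not 755 (the values the post recommends).
audit_perms() {
    root="$1"
    find "$root" -type f ! -perm 644 -print
    find "$root" -type d ! -perm 755 -print
}

# Compare install $1 with reference $2.
# EXTRA   = present in the install but absent from the reference
#           (uploads and extra plugins are expected; stray PHP in core
#           directories is not)
# CHANGED = same path, different content (core file altered)
diff_against_reference() {
    install="$1"
    ref="$2"
    (cd "$install" && find . -type f | sort) | while IFS= read -r f; do
        if [ ! -f "$ref/$f" ]; then
            printf 'EXTRA   %s\n' "$f"
        elif ! cmp -s "$install/$f" "$ref/$f"; then
            printf 'CHANGED %s\n' "$f"
        fi
    done
}

# Example invocation (placeholder paths):
#   audit_perms /var/www/html
#   diff_against_reference /var/www/html /tmp/wordpress-reference
```

Review the CHANGED list against anything you edited on purpose (wp-config.php, themes) and the EXTRA list against the plugins and uploads you actually installed.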

Periodically change passwords
Definitely modify your passwords if you’ve recovered from an attack. Remember to change your database password (and corresponding line in wp-config.php) as well as account passwords.

Check your users table in the database
Administrative accounts created by hackers can be hidden from the list of users in the web-based control panel. Look at the actual table in the database and see whether any other accounts have administrative privileges.

Double-check and clean up all plugins
Delete every plug-in you don’t use, and try to keep all your active plug-ins up to date. If you have a plug-in that’s no longer maintained or hasn’t been updated in a long time, you should probably check and see if a newer replacement is available. Plug-ins can be one of the weakest points in your WordPress installation.

Only Download Plugins from Known Sources
Be sure the site you download the plugin from is the actual developer’s page and not some other download site, or always go to http://wordpress.org/extend/plugins/ to get your plugins.

Add HTTP authentication to your wp-admin folder
Basic authentication sends passwords in cleartext (so don’t use the same credentials as your WordPress account), and the traffic is not encrypted if you’re not using SSL/TLS. But adding another login prompt for the admin panel adds friction and may repel less-determined attackers.

Move wp-config.php to a folder not as easily accessible
You can place wp-config.php one folder above your WordPress install; that location may not correspond to any public website folder. I also set mine to chmod 644 after changing it.

Rename your admin account
Several means exist to do this; you can simply edit the record in the database.

Change your table prefix
This can be a bit of a hassle, but plug-ins exist to help.

Disable interfaces such as XML-RPC if you don’t use them
This is one area the WordPress developers need to work on. But it’s definitely better to disable features you don’t actually need.

Use security tools
I installed the WP Security Scan plug-in after reading about it in WordPress’ own hardening guide. Another good plugin is Secure WordPress. It has multiple options that beef up security.

Keep monitoring your site
Visit your homepage often, “View Source,” and scan through the HTML.

Backup
A backup is always the best protection for your blog. If, after taking all possible precautions, your blog gets hacked by someone, you can easily upload the backup files of your blog to your webhost.

Finally, protect other sites
It’s not only the script on a particular site that matters: if you have multiple websites hosted on the same account, one vulnerable application can compromise the others. If you have sites that you don’t maintain, consider deleting them or locking them down to avoid future problems.

If you follow these, 95% of attacks will be thwarted.
