I don’t know how much credence I give to the idea that WordPress is inherently insecure by default, but I do understand that people want to take steps to further protect their blogs. Smashing Magazine has put up an article relating to securing your WordPress admin, and while this won’t make your blog secure if you are making other security mistakes, it can be a great last step in a comprehensive security audit.
Here is one of their ten tips:
Choose strong passwords
Our recommendation for a secure WordPress password is that it be at least seven characters long and include uppercase and lowercase characters, numbers and symbols such as ! ” ? $ % ^ & ).
If you are worried about your blog, and want to take as many precautions as possible to maximize your protection from intruders, I’d suggest enacting at least five out of the ten items on this list and look for more security related posts to help control every entry point into your WordPress blog.