Essential security measures
There are several essential steps you should take to enhance the security of a WordPress site:
Strong Passwords
Use a strong password for all administrator accounts, and change passwords periodically. Strong passwords are not easily guessed. To break into an account with a strong password, hackers use a brute force attack. Stopping brute force attacks is covered below.
If your site has been compromised (or you even suspect that it has been compromised), you must also change the security keys in the wp-config.php file that are used to encrypt cookies. Simply changing passwords is not enough, because an attacker may still have a valid cookie and be able to access your site.
For more information about how to configure security keys in the wp-config.php file, please visit http://codex.wordpress.org/Editing_wp-config.php#Security_Keys.
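The following Python example is added here to show the key rotation described above; it is not part of the original article or of WordPress itself. It replaces each of the eight key and salt define() lines in the text of a wp-config.php file with a fresh random value and reports any that are missing. The function names rotate_keys and new_secret and the sample configuration are constructed for this example.

```python
import re
import secrets
import string

# The eight constants WordPress reads from wp-config.php.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]

# Printable ASCII minus quotes and backslash, so the PHP string literal stays valid.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits + string.punctuation
                   if c not in "'\"\\")

def new_secret(length=64):
    """Generate one value from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_keys(config_text):
    """Return (new_text, missing). Every key define() found gets a fresh value;
    names with no define() are reported so they can be added by hand."""
    missing = []
    for name in KEY_NAMES:
        pattern = re.compile(
            r"define\(\s*(['\"])" + name + r"\1\s*,\s*(['\"]).*?\2\s*\)\s*;")
        line = "define( '%s', '%s' );" % (name, new_secret())
        # A function replacement keeps re from interpreting characters in the value.
        config_text, count = pattern.subn(lambda m: line, config_text)
        if count == 0:
            missing.append(name)
    return config_text, missing

# Constructed sample input (not a real site's configuration).
SAMPLE = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'old-secure-auth-key' );
define( 'LOGGED_IN_KEY',    'old-logged-in-key' );
define( 'NONCE_KEY',        'old-nonce-key' );
define("AUTH_SALT", "old-auth-salt");
define( 'SECURE_AUTH_SALT', 'old-secure-auth-salt' );
define( 'LOGGED_IN_SALT',   'old-logged-in-salt' );
"""

if __name__ == "__main__":
    rotated, missing = rotate_keys(SAMPLE)
    print(rotated)
    print("Not found, add manually:", missing)
```

Once the rotated file is in place, every existing login cookie stops validating, so all users, including any attacker holding a stolen cookie, must log in again.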