7 simple steps to make your WordPress blog more secure!

WordPress blogs can be targets for hackers who want to take them over for SEO, traffic redirection and other purposes. Most bloggers aren’t aware of the threat, and a blog owner may not even know that a successful attack has taken place.
There are some simple security measures that any blogger can implement today to make a blog more secure.
 
1.     Back up regularly
Taking regular backups is important. If something happens, you can always use the backup to recover your blog files. The WordPress Database Backup plugin makes it simple to back up your files.
 
2.     Always upgrade
Always upgrade to the latest version of WordPress, of your WordPress theme and of the plugins you use. One of the reasons new versions of software and plugins are released is to fix security vulnerabilities found in older versions.
 
If you are afraid to upgrade because an old WordPress theme or plugin you use may not be compatible with the new WordPress, then please switch to something more modern that you know has a serious developer and community behind it. Thesis Theme, for example, released a WordPress 2.8 compatible design on the day of the WordPress release.
 
3.     Create a new user account
It is harder for a hacker to break into your blog when both the username and the password have to be cracked. That is why you should create a new user and delete the WordPress default “admin”.
 
4.     Use a strong password
 
5.     Set a new nickname
You do not want your new username to be the author name that is shown on all posts. Set the nickname WordPress uses as the author name to something different from your username. You do this in “Users” under “Your Profile” in the Nickname field. Choose a new nickname and set “Display name publicly as” to your new nickname.
 
6.     Use Login Lockdown plugin
The Login LockDown plugin records the IP address and timestamp of every failed login attempt to your WordPress blog. If more than a certain number of failed attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.
 
7.     Do not allow guest user registrations
If you do not have a membership blog, then there is no reason to allow visitors to register for a guest account on your blog. To check that you’ve got registration turned off, click “Settings” and make sure that the “Anyone can register” option is not checked.
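
The lockout behaviour described in step 6, as an added Python sketch; it is not the Login LockDown plugin's own code. The thresholds, the /24 grouping used for "same IP range", and the names `LoginLockdown` and `replay` are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed values for illustration; the page gives no specific thresholds.
MAX_FAILURES = 3        # failed attempts tolerated per range inside the window
WINDOW_SECONDS = 300    # the "short period of time"
LOCKOUT_SECONDS = 3600  # how long the range stays blocked
RANGE_PREFIX = 24       # assumption: an IPv4 /24 counts as "the same IP range"

class LoginLockdown:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> failure timestamps
        self.locked_until = {}              # range -> unlock time

    @staticmethod
    def ip_range(ip):
        # Collapse an address to its containing network, e.g. 203.0.113.0/24.
        return str(ipaddress.ip_network(f"{ip}/{RANGE_PREFIX}", strict=False))

    def is_locked(self, ip, now):
        return self.locked_until.get(self.ip_range(ip), 0) > now

    def record_failure(self, ip, now):
        """Log one failed login; return True if the range is now locked."""
        key = self.ip_range(ip)
        window = self.failures[key]
        window.append(now)
        # Drop failures that have fallen out of the sliding window.
        while window and window[0] <= now - WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            window.clear()
        return self.is_locked(ip, now)

def replay(events):
    """Replay (timestamp, ip, success) events; return the refused ones."""
    guard, rejected = LoginLockdown(), []
    for ts, ip, success in events:
        if guard.is_locked(ip, ts):
            rejected.append((ts, ip))  # refused before the password is checked
        elif not success:
            guard.record_failure(ip, ts)
    return rejected

# Constructed sample events using documentation addresses, not real traffic.
SAMPLE = [(0, "203.0.113.5", False), (10, "203.0.113.9", False),
          (20, "203.0.113.5", False), (30, "203.0.113.77", False),
          (40, "203.0.113.5", True), (45, "198.51.100.7", True),
          (4000, "203.0.113.5", True)]
```

In the sample, the fourth failure from the range locks it, so even the correct password at second 40 is refused, while the unrelated address and the post-lockout login go through.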

References:
http://www.howtomakemyblog.com/wordpress/wordpress/7-simple-steps-to-make-your-wordpress-blog-more-secure/
http://www.howtomakemyblog.com/wordpress/wordpress-worm-attack-best-practices-to-keep-your-blog-safe/