This is another in my series of posts about keeping my blog (and yours) free from malware. Victor Granic over at switchwp has an excellent and reasonably comprehensive post on securing WordPress sites. I came across his post via Sacha Chua’s notes on WordCamp Toronto 2012.
Along with the usual good advice such as keeping WordPress up to date, Granic suggests changing the name of the administrator’s account to help foil automated exploit tools, setting up comprehensive logging, changing the database table prefix, and setting up SSL mutual authentication for access to the administration screen.
Another useful piece of advice is to install the WordPress Exploit Scanner, Login Security Solution and VaultPress security plugins. He also gives some pointers to further resources for learning how to harden your WordPress site.
If you have a WordPress site you should definitely take a look at this guide. It’s full of good advice and things that you may not have known or thought of. Recommended.