-> Choose an admin username other than "admin"
-> Use a strong password for login
-> Use shell access (SSH) rather than FTP for uploading anything
-> Never install plugins or themes from anywhere other than the wordpress.org library
-> Put a blank index.html in your plugin directory
-> Block wp-admin access using .htaccess
-> Never use 777 permissions
-> Disallow the wp- folders in robots.txt
-> Do not use the default wp_ prefix for tables (though this only deters novice attackers)
-> Remove <meta name="generator" content="WordPress 3.2.1" /> from header.php using the Theme Editor
-> Choose a reputable hosting provider
-> Regularly update WordPress, plugins and themes
-> Keep backups (backup, backup, backup)
-> Hide the error message at WP login (because it reveals whether the username or the password is wrong)
-> Disable directory browsing
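Two of the items above (hiding the generator tag and hiding the "wrong username vs. wrong password" login error) can be done with WordPress hooks instead of editing header.php in the Theme Editor, so the change survives theme updates. The following is an added example written for this note, not code from the original list or from WordPress itself; it uses the real WordPress hooks `wp_head`/`wp_generator`, the `the_generator` filter and the `authenticate` filter, and it assumes the file is dropped into wp-content/mu-plugins/ (the file name is an assumption).

```php
<?php
/**
 * Plugin Name: Hardening hooks (added example)
 * Description: Strips the WordPress generator tag and makes login failures generic.
 *
 * Assumed location: wp-content/mu-plugins/hardening-hooks.php
 */

defined( 'ABSPATH' ) || exit; // never run outside WordPress

/*
 * 1. Remove the version disclosure.
 *    wp_generator() is what prints <meta name="generator" content="WordPress x.y.z" />
 *    into the <head>; the_generator filter covers the same string in RSS/Atom feeds.
 */
remove_action( 'wp_head', 'wp_generator' );
add_filter( 'the_generator', '__return_empty_string' );

/*
 * 2. Make login failures indistinguishable.
 *    WordPress returns distinct error codes for "no such user" and "wrong password",
 *    which lets anyone confirm valid usernames. We run late on the authenticate
 *    filter (after the built-in username/email checks at priority 20) and replace
 *    only those codes, so unrelated errors (empty fields, reset-link problems) keep
 *    their original, still-useful messages.
 */
add_filter(
	'authenticate',
	function ( $user, $username, $password ) {
		if ( ! is_wp_error( $user ) ) {
			return $user; // successful login or not yet decided: leave untouched
		}

		// Codes that reveal whether the account exists.
		$leaky_codes = array( 'invalid_username', 'invalid_email', 'incorrect_password' );

		if ( array_intersect( $user->get_error_codes(), $leaky_codes ) ) {
			return new WP_Error(
				'generic_login_error',
				__( 'Invalid username or password.' )
			);
		}

		return $user;
	},
	100,
	3
);
```

The `authenticate` filter receives the WP_Error object, which is why the replacement can be targeted by error code; the simpler `login_errors` filter only sees the final message string and would blank out every login-screen error, including password-reset ones. Verify the result by checking the page source for a missing generator tag and by confirming that a bad username and a bad password now produce the same message.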