rogerd - 6:24 pm on Jun 2, 2011 (gmt 0)

Keeping Wordpress up to date is the biggest priority. I've had one WP install hacked, and it was on a site I wasn't maintaining regularly, which left it vulnerable. Now, keeping WP up to date is a snap - you are notified in your admin panel when there's a new version, and it can often be installed with a single click.

From what I've seen, plugins are less often entry paths for hackers, though I'd be leery of plugins with little history and unknown developers.

Keep your theme up to date, too.