There are several free security plugins. I'd make sure to install one that limits login attempts, provides you with nightly backups, checks the file permissions on your WP install, and filters out the common things people look for.
After being hacked over a year ago, I now always CHMOD my index files and any files that won't be dynamically changed or overwritten by WordPress to be unwritable. I also use BulletProof Security and WordPress Firewall 2.
Seems to have done the trick for me. BulletProof Security is pretty solid if set up correctly.
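
The permission check and the CHMOD step described in the post above, as an added example that is not part of the original post. It assumes "index files" means files named `index.php` or `index.html`; the function names, the `WP_ROOT` variable and the sample tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: "index files" = files named index.php or index.html.

# List index files under $1 that still carry any write bit.
list_writable_index() {
    find "$1" -type f \( -name index.php -o -name index.html \) \
        \( -perm -200 -o -perm -020 -o -perm -002 \) -print | sort
}

# List any file under $1 writable by group or other (too loose for a web root).
list_loose_files() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print | sort
}

# Strip all write bits from index files under $1; print how many were changed.
lock_index_files() {
    list_writable_index "$1" | {
        n=0
        while IFS= read -r f; do
            chmod a-w "$f" && n=$((n + 1))
        done
        echo "$n"
    }
}

# Build a constructed sample tree (not a real WordPress install); print its path.
build_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads" "$d/wp-includes"
    : > "$d/index.php";                 chmod 644 "$d/index.php"
    : > "$d/wp-content/index.php";      chmod 664 "$d/wp-content/index.php"
    : > "$d/wp-content/uploads/a.jpg";  chmod 666 "$d/wp-content/uploads/a.jpg"
    : > "$d/wp-includes/version.php";   chmod 644 "$d/wp-includes/version.php"
    echo "$d"
}

# Demo: audit WP_ROOT if set, otherwise the sample tree, then lock and re-audit.
root=${WP_ROOT:-$(build_sample_tree)}
echo "group/world-writable files:"; list_loose_files "$root"
echo "index files locked: $(lock_index_files "$root")"
echo "index files still writable: $(list_writable_index "$root" | wc -l)"
```

Removing write bits does not stop the file's owner from changing the mode back, so when the web server runs as the owner this raises the bar against overwrites rather than preventing them outright.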