By default, the latest version of WordPress is pretty darn secure. The development team of WordPress has considered anything which may have been added to some fix malware problems free plugins. In the past , WordPress did have holes but now most of them are stuffed up.
Safeguard your login credentials - Do not keep your login credentials where they might be More Bonuses found by a hacker. Store them offsite, as well as offline. Roboform is good for protecting them, too. Food for thought!
You also need to place the"Anyone Can Register" in Settings/General to away, and you should have some sort of spam plugin. Akismet is the one I use, the old standby, but there are many of them nowadays.
Now we are getting into things specific to WordPress. You have to rename it to config.php and see this page alter the file config-sample.php, when you install WordPress. You need to deploy the database facts there.
Free software: If you've installed scripts that are free search Google for'wordpress security'. You will get many tips.