Some excellent WordPress security tweaks can be found at this article on Smashing Magazine, including ways to protect your wp-config file and prevent hot-linking to images on your site. My personal favorite is this snippet of code entered into your .htaccess file to ban persistent spam bots from your blog: Paste the following code in [...]
Block Repeat Spam Offenders From Your WordPress Blog