After a clients WordPress site was recently comprimised and subsequently serving up malware and spam a few quick reminders for WordPress security hardening:
Change the database prefix to something other than wp_
Change the security key salts
Protect config file through htaccess
Dont use admin or administrator for the default user
Use a strong password
CHMOD the uploads folder
CHMOD the config and htaccess to 640
Install and configure Akismet for spam prevention