By default, the newest version of WordPress is pretty secure. Anything which may have been added to some fix wordpress malware fix plugins has been considered by the development team of WordPress . In the past , WordPress did have holes but most of them are stuffed up.
The one I personally recommend, and the more powerful approach, is to use one of the generation and storage plugins available on your browser. I think after a free trial period, you need to go right here pay for it, although Lots of people like RoboForm. I use the free version of Lastpass, and I recommend it for those of you who use Firefox or Internet Explorer. That will generate passwords for you.
One thing you can take is to delete the default administrator account. This is critical because if you don't do it, a user name which they could attempt to crack is already known by malicious user.
Another step to take to make WordPress secure is to upgrade WordPress to the latest version. The main reason for this is that there come fixes for older security holes making it essential to upgrade early.
Free software: If you have installed free scripts such as Wordpress, search Google for'wordpress security'. You will get tips.