Update to the latest secure version

Every piece of software has its own problems and weaknesses. Be diligent about always updating to the most recent "known secure" version. In this instance, you will want version 2.3.3 of WordPress.

Since WordPress gives plugins and themes full access to your blog, you also need to keep your plugins up-to-date. With the latest 2.3 series of WordPress you are notified in the admin screen when the plugins that you have installed are released in new versions.

Any plugins that are not being used, should be removed or disabled

If you're like most bloggers, you've installed and tried out several different themes on your blog. And you very likely have several plugins installed that you don't use.

Every single piece of unwanted software may provide a new vulnerability. Since no one is using them, why waste the energy to take these packages to the latest version? Get rid of the software, eliminate all associated files and be done with the trouble.

The final step is among the most significant. Eliminate unnecessary installations. Remember that everything you've installed lands in standard locations. A hacker can simply search your site, and take advantage of known holes. It is irrelevant that you are not using the package.

Only download and install trusted code

Just like you shouldn't click on email attachments coming from people you don't trust, you shouldn't install software on your blog from untrusted sources. Only download code from the authors' web site.

Most WordPress themes and plugins have been made an open source, which has made it possible for people to change the code just to be spiteful and insert badware for unknowing internet users to download.

Don't be the guinea pig for the latest plugins. Take a cautious approach and wait until you see a plugin being used by many other trusted bloggers.

Avoid any JavaScript includes

A lot of web analytics services and advertising networks have a requirement that you add JavaScript to your blog, which frequently comes in the form of a JavaScript include. This gives the JavaScript authors an almost wholesale permission to change your web page. Essentially, you must trust your Web site's security to the third-party service.

With regard to Google AdSense, Google Analytics, or other respected advertising networks and web analytics services, you shouldn't be concerned. However, if a relatively new firm asks to put JavaScript on your web site, you should quickly run the other way.

Ad networks also pose another problem if you don't have control over who is allowed to advertise on your network. Google applies the guilt by association principle: If you are advertising for a site that has badware on it, your site may be blacklisted too.