You may want to read this: http://codex.ww.wp.xz.cn/Hardening_WordPress
I’d also recommend that you read this: http://ottopress.com/2009/hacked-wordpress-backdoors/
This one doesn’t really tell you how to avoid stuff, but blog hacking won’t look like black magic to you anymore; knowledge is power.
There are many things that you can do to help prevent this. Although I would say nothing is foolproof, it is best to do as much as you can. Here are a few essential things that I would start with; there are other things you can do as well, but this should be a good start. Everybody else, please add!!!
The first thing I would do is to install the Ultimate Security Checker: http://ww.wp.xz.cn/extend/plugins/ultimate-security-checker/
This will help show you where your website is vulnerable, and give you tips on how to fix it.
BBQ as well, http://ww.wp.xz.cn/extend/plugins/block-bad-queries/, will help stop/block malicious URL request attacks on your site.
http://ww.wp.xz.cn/extend/plugins/wp-htaccess-control/ to limit access to your files/folders
Don’t use “admin” as a username on your website. If you already have this username set up as your main username, you cannot change it from the back end of WP, but if you have access to phpMyAdmin you can change your username there.
Delete your readme.html file
Delete your install.php file
Ryan