I don't think I would even run a Wordpress blog at this point in time. I run a cherrypy site, and the amount of scans it has received for Wordpress vulnerabilities from bots is astounding.<p>See:<p><a href="http://secunia.com/advisories/search/?search=wordpress" rel="nofollow">http://secunia.com/advisories/search/?search=wordpress</a><p><a href="http://milw0rm.com/search.php?dong=wordpress" rel="nofollow">http://milw0rm.com/search.php?dong=wordpress</a><p>I don't currently run a self-hosted blog, but if I did, I would at least try to make sure the one I was running didn't have any new vulnerabilities.
Well, many blogs outhere are Wordpress based...even the most known tech blogs like Techcrunch, Venturebeat, Mashable...<p>Secutiry should be taken seriously for any website, not just for Wordpress...I bet there are security holes in Movable Type or Textpattern or other blog software...that doesn't mean we should stay away from running blogs...because that means we will stay away forever.
Very comprehensive list of tips and tricks.
I like the new feature of Wordpress 2.7: automatic updating (that should keep many hackers away by updating the installation to the newest version).