1. Prevent Unnecessary Info From Being Displayed
2. Force SSL Usage
3. Use .htaccess To Protect The wp-config File
4. Blacklist Undesired Users And Bots
5. Protect Your WordPress Blog From Script Injections
6. Fight Back Against Content Scrapers
7. Create A Plug-In To Protect Your Blog From Malicious URL Requests
8. Remove Your WordPress Version Number… Seriously!
9. Change The Default “Admin” Username
10. Prevent Directory Browsing

Source: http://bit.ly/drXo8o