Most of the time, the problem with WordPress and security isn’t going to be themes or plugins, it’s actually how you configure your WordPress install:

  • Keep your WP core up to date
  • Secure login and password (never use “admin” as username or login)
  • Changing Authentication Unique Keys and Salts in wp-config.php
  • Unique database prefixes (avoid “wp_”)
  • Use of permalink structure
  • etc..

Also a very secure database password is strongly recommended.
Another thing: a lot of people will name their database “wordpress”, choose another database name.

Issues may also come from non-reliable and non-secure web hosting company servers (cheap ones).

Here is a post on wptuts that may be useful. There is few steps in this post to help you to secure your wordpress installation.
http://wp.tutsplus.com/tutorials/security/20-steps-to-a-flexible-and-secure-wordpress-installation/

You will also find a lot of plugin to improve your security.

This post is not a complete wordpress security guide but only a few tips to help you to get started.