Most of the time, the problem with WordPress and security isn’t going to be themes or plugins, it’s actually how you configure your WordPress install:
- Keep your WP core up to date
- Secure login and password (never use “admin” as username or login)
- Changing Authentication Unique Keys and Salts in wp-config.php
- Unique database prefixes (avoid “wp_”)
- Use of permalink structure
Also a very secure database password is strongly recommended.
Another thing: a lot of people will name their database “wordpress”, choose another database name.
Issues may also come from non-reliable and non-secure web hosting company servers (cheap ones).
Here is a post on wptuts that may be useful. There is few steps in this post to help you to secure your wordpress installation.
You will also find a lot of plugin to improve your security.
This post is not a complete wordpress security guide but only a few tips to help you to get started.