Change Your Username
The username and password are your first line of defense, and since all WP installations start out with a standard login name of Admin, you are giving away half of your defense by leaving it default. I use a password generator to generate a random string of characters for my username. You can add a new name under Users, just make sure to set the permissions to administrator. Use a different email address to set it up, and then delete your old User account of Admin and change the email address of your new username to the email address you want.
Install a Security Plugin
This will help keep some vulnerable spots in your site inaccessible to hackers. I use BulletProof Security, a free plugin available through the plugins directory. Be sure to go in and configure the settings, consulting the help files if you are unsure.
Delete Unused Themes and Plugins
Sometimes, a theme or plugin might have a weak point that gives hackers an opening into your site. Deleting unused themes and plugins helps eliminate that possibility, because you are unlikely to update those you aren’t using, and updates are the first defense against plugin hacks.
As with any sensitive information, don’t give out your login or password, and make sure the password you choose is strong and hard to guess. Lastly, visit the live version of your site from time to time to make sure it looks as it should – a hacked site will probably have some changes that you didn’t implement.