Even though I absolutely love WordPress it does have some annoying features that makes it susceptible to hacking.
The most common of these is having your uploads folders (usually found at /up-content/uploads) set to a permission level of 777.
If a hacker managers to infiltrate your website, they are likely to place PHP code in this directory that they use to carry out their "naughty" activities.
Sure we could change the permission on the directory, but this might stop some of the other plugins form working properly, so here is another more simpler way to fix that problem.
Using your favourite text editor (DO NOT use a word process, using something like notepad etc) create a text file and paste the following 3 lines into it.
deny from all
Now upload it to your /wp-content/uploads folder and call it .htaccess
Now every time a php file is run from in that folder, it will generate and error.
No more hacked files running in your /uploads folder.
Give it a try and it will make a small step towards making your WordPress installation even more secure.