By default, the latest version of WordPress is pretty darn secure. The development team of WordPress has considered anything which may have been added to some fix wordpress malware protection plugins. Before, WordPress did have holes but most of them are filled up.
This is great news as it home means that there is a community of users and developers that could further enhance the platform. However, whenever there's a group of people attempting to achieve something, there will always be people who will try to take down them.
Keep your WordPress Setup to date - One of the easiest and most valuable tasks you can do yourself is to ensure that your WordPress installation is updated. WordPress provides you a notice on your dashboard, so there's really no reason not to do this.
Now we're getting into things specific to WordPress. You must rename it to config.php and modify the file config-sample.php, when you install WordPress. You will need to set up the database facts there.
Bear in mind the security of your blogs depend on how you manage them. Be certain that you follow these tips to prevent exploits and hacks on sites and your blogs.