I think Wordpress is much better now than it was in the past, and is certainly better than other CMSes I've used in the past, which got hacked every two weeks despite my best efforts.
I've got a plugin on Wordpress called WSD security which advises on security measures you can take, such as changing table prefixes from wp_, putting a .htaccess file in the wp-admin folder, removing/rebaming the admin user, and