By default, the latest version of WordPress is pretty secure. The development team of WordPress has considered anything which may have been added to some fix wordpress malware scanner plugins. Before, WordPress did have holes but now most of them are filled up.
Use strong passwords - Do what you can to use a password, alpha-numeric. Easy to remember passwords are also easy to guess!
You should also place the"Anyone Can Register" in Settings/General to off, and you ought to have some type of spam plugin. Akismet is the one I use, the old standby, but there are lots of them you can try these out nowadays.
WordPress is one of the most popular platforms for blogs and sites. While WordPress is pretty secure out of the box, there are always going to be people who want to create trouble by finding a way to split into accounts or sites to cause harm or inject hidden spammy links. That's why it's important to be certain that your WordPress installation is as secure as possible.
Change your password, or at least your WordPress admin and password username and collect and utilize fantastic WordPress security tips to keep hackers out!