Mark Hinkle at socialized software shares some resources to harden your WordPress installation. Unfotunately for him, he discovered these resources after his site got hacked.
Mark’s shares this:
One other key piece of advice, if you aren’t using a plugin or other code then remove it.Unused directories are great hiding places for malicious code and web pages.
