In January 2013, CSO (Computer Security Officer) magazine had an interview with Adam J. Kujawa (Malware Intelligence Lead at Malwarebytes). The title of the article is, "3 questions: WordPress security.
He was asked a few questions regarding WordPress security. Interesting enough, when asked, "Is it hard to set up WordPress securely" he replied,
It's not super hard. If you're not inherently technical, I wouldn't try to set up WordPress. I'd get somebody else to do it. But the biggest targets are the ones that are quickly set up, and don't have a massive amount of traffic. The best advice I have is to find a professional or a hosting company. They might cost a little more but will be worth it if they can securely establish a web presence.
I do not agree with this statement 100%. I think setting up WordPress is easy enough IF you know how to set up the security aspects. If you're using WordPress for your site, you MUST make sure you have the security vulnerabilities blocked - and you need to do that now.
One of the most popular install methods is to use the quick Fantastico upload of WordPress. Once installed, the next step is to install plugins (most people have no idea if there are any security issues with plugins). You can loose weeks, months and even years worth of work all because of some hole you didn't even know existed.
If your site is not secure, you will be hacked. It is just a matter of time. Do not let that happen - take the time to secure your site correctly.
Check out WPSecurityHelp.com - you will be glad you did!