read http://www.techtipsmaster.com/make-your-wordpress-blog-secure.html
1. Try to use SSH instead of an FTP connection to your server. If someone gets hold of your FTP login details, he can do anything with your site: add unwanted items, scam your site, and use it for his own purposes without you being aware of it. With SSH, everything is encrypted while the files are transferred, so the connection is much more secure than FTP.
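2. Add
[code]
// Stop if this plugin file is requested directly instead of being loaded by WordPress.
if (preg_match('#' . preg_quote(basename(__FILE__), '#') . '#', $_SERVER['PHP_SELF'])) {
    header('HTTP/1.1 403 Forbidden'); // refuse the direct request
    exit();
}
[/code]
to the top of each plugin file for additional security.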
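To check which plugin files still lack the guard from tip 2, the following audit script can be run over SSH on the server. It is an added example, not code from the original article; the function names, the 20-line window, the sample plugin tree, and the decision to also accept WordPress's `defined('ABSPATH')` check as a guard are assumptions of this example.

```shell
#!/bin/sh
# Added example: list plugin PHP files with no direct-access guard near the top.
# Guards recognised (assumption): the basename(__FILE__) check from tip 2,
# or a defined('ABSPATH') check. This is a text heuristic, not a PHP parser.
GUARD_RE='basename\(__FILE__\)|defined\([[:space:]]*.ABSPATH'

find_unguarded_plugins() {
    # $1 = plugin directory, $2 = number of leading lines to inspect (default 20)
    dir=$1
    lines=${2:-20}
    find "$dir" -type f -name '*.php' | sort | while IFS= read -r f; do
        if ! head -n "$lines" "$f" | grep -E "$GUARD_RE" >/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample tree (hypothetical plugin names) so the script runs offline.
make_sample_plugins() {
    d=$(mktemp -d)
    mkdir -p "$d/gallery" "$d/forms"
    cat > "$d/gallery/gallery.php" <<'EOF'
<?php
if (preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) {
    exit();
}
EOF
    cat > "$d/forms/forms.php" <<'EOF'
<?php
if (!defined('ABSPATH')) { exit; }
EOF
    cat > "$d/forms/export.php" <<'EOF'
<?php
echo "export";
EOF
    printf '%s\n' "$d"
}

# Demo: only forms/export.php is reported, because it has no guard.
sample=$(make_sample_plugins)
find_unguarded_plugins "$sample"
rm -rf "$sample"
```

On a real site, point `find_unguarded_plugins` at the plugin directory and review each reported file by hand before adding the guard.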