An excellent guide to securing WordPress can be found in the WordPress Codex. Remember to upgrade whenever new versions become available. You can find announcements of new versions as well as other important news by following our status blog.
To secure your wp-admin area using SSL you’ll need to activate SSL for your domain. If you purchased an SSL certificate for this or would like to use a self-signed certificate, let us know by submitting a support ticket and we will be happy to assist you in getting this set up.
If you’ve already been exploited, you should remove any foreign code in your site that you find immediately. If you are not sure what to remove or if you want to make sure you have removed all of an exploit, we recommend using the WordPress Exploit Scanner plugin. If you have any questions about items that register in the scanner, please submit a support ticket and always backup your files before deleting anything or making changes.