An excellent guide to securing WordPress can be found in the WordPress Codex. Remember to upgrade whenever new versions become available.
To secure your wp-admin area using SSL you’ll need to activate SSL for your domain. If you purchased an SSL certificate for this or would like to use a self-signed certificate, let us know by submitting a support ticket and we will be happy to assist you in getting this set up.
If you’ve already been exploited, you should remove any foreign code in your site that you find immediately. If you are not sure what to remove or if you want to make sure you have removed all of an exploit, we recommend using the WordPress Exploit Scanner plugin. If you have any questions about items that register in the scanner, please submit a support ticket and always backup your files before deleting anything or making changes.
Our new Managed WordPress hosting includes proactive scanning and blocking of malware and hacking attempts, as well as brute force attack protection. If you are interested, we can migrate you to Managed WordPress for free, just submit an order form.