I manage many different websites that use WordPress and I find that the very best thing I can do for security is to install the WordFence plugin. It is a real WAF (Web Application Firewall) that works in the background to help prevent malicious activity on your website.
Do you use this or something different for WP security?