WordPress Security Tips:1
Amazingly, lots of WordPress Web sites are still using default "admin" user name for the admin log in. After WordPress 3.0, you may choose a hard to guess admin user name. If your WordPress site was created before that, you may go to your phpMyAdmin and the 'wp-users' table to change 'admin' to a new user name of your choice.
The bottom line is
Do Not Use The Default "admin" User Name
Also try to use a longer ( more than 10 characters long) user name for your WordPress admin account.
Another tip related to this is:
Prevent Log In Error To Be Displayed
Even with WordPress 3.1, the default setting is still "showing log in error" when you type in a wrong user name. This makes it convenient for users who really forget their user name or password, but it also gives too much information for hackers.
A trick to prevent the log in error to be displayed is to insert this simple line of code in the functions.php at your current theme folder (e.g. wp-content/themes/twentyten )
add_filter('login_errors',create_function('$a', "return null;"));
Remember to backup your functions.php file so you can roll-back the change in case you do it wrong.