Allow me to shoot a couple of scare tactics your way since scare tactics appear to be what drives some people to take secure your wordpress website a bit more seriously, or at least start thinking about the issue.
Protect your login credentials - Do not keep your Recommended Site login credentials where they might be found by a hacker. Store them off, as well as offline. Roboform is for protecting them good , too. Food for thought!
Is to delete the default administrator account. This is critical because if you don't do it, a user name which they could attempt to crack is already known by malicious user.
Along with adding a secret key to your wp-config.php document, also consider changing your user password into something that's strong and unique. A great tip is to avoid phrases, use letters, and include amounts, although wordPress will tell you the strength of your password. It's also a good idea to change your password regularly - say once.
These are only a few of the things I do to protect my blogs. Thing is that they don't require much time to do. These are easy options, which can be done easily.