Yeah, a lot of WP sites have been hit recently... more than 90,000 blogs and counting... Here are the methods I am using for my WordPress blogs:
1. NEVER, EVER use admin as your username! Forget it! Use some other stuff instead! 50% of the brute-force job is done by leaving admin as your default username!
2. ALWAYS BACK-UP your site(s). Whether they are HTML, Flash, Joomla or WordPress - use appropriate plugins, components, security based web services, etc.! Do not underestimate the backup process of your database and site as a whole!
Here are the plugins I am using to avoid my WordPress CMS site being hacked:
1. Limit Login Attempts - easy to use WP plugin which will limit the rate of login attempts, including by way of cookies, for each IP. It is also fully customizable.
2. WP Database Manager - always make a weekly or monthly back-up of your DB! The plugin also allows you to e-mail the backed-up database!
3. Do not use passwords which are really easy to guess, like "admin," "qwerty," "123456" and "password"! Instead, use capital letters, numbers, signs such as #&$*%^@ etc. Again - do not help hackers with their job!
In the end - always be prepared!
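
How a per-IP login limit of the kind described in the post works, as an added example that is not part of the original post and is not the Limit Login Attempts plugin's code. The class name, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Per-IP failed-login limiter with a temporary lockout (illustrative values)."""

    def __init__(self, max_failures=4, window=300, lockout=1200):
        self.max_failures = max_failures    # failures allowed inside the window
        self.window = window                # seconds a failure stays counted
        self.lockout = lockout              # seconds an IP stays blocked
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time the lockout ends

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def attempt(self, ip, now, password_ok):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(ip, now):
            return "blocked"                # rejected before the password is checked
        if password_ok:
            self.failures.pop(ip, None)     # success clears the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout
            recent.clear()
        return "failed"

def replay(events, limiter=None):
    """Feed (time, ip, password_ok) tuples through the limiter, return the outcomes."""
    limiter = limiter or LoginLimiter()
    return [limiter.attempt(ip, t, ok) for t, ip, ok in events]

# Constructed sample: one address guessing quickly, one ordinary user.
SAMPLE = [
    (0, "203.0.113.7", False), (2, "203.0.113.7", False),
    (4, "203.0.113.7", False), (6, "203.0.113.7", False),
    (8, "203.0.113.7", True),      # correct guess, but the IP is already locked
    (10, "198.51.100.20", False), (30, "198.51.100.20", True),
    (1300, "203.0.113.7", False),  # lockout has expired, counting starts again
]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE, replay(SAMPLE)):
        print(event, outcome)
```

A per-IP counter slows one address at a time and does nothing against guesses spread over many addresses, which is why the username and password tips above still matter with a limiter installed.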