Wow, there really is a whole lot of this going around at the moment.
I for one would like to remind everyone to keep up to date with their wordpress version. I have clients still using previous versions even after widely publicized hacks.

You can lead a horse to water...

Saw some great tips on securing /plugins and restricting admin by ip that should definitely be used. If I dig them out I'll add them here.

Might not stop everything but but there are some very simple things that can be done to greatly reduce the risk of being hacked.