A few weeks ago a good friend called me and said that something was wrong with his site. I took a look at hi site, a Wordpress-based website and saw nothing but a php error message.
The long-and-short of it was that he had been hacked. Every now and then, a vulnerability is discovered in Wordpress. The release a new version to patch the hole, but it is up to you to keep up with the new releases in order to avoid the same fate as my friend.
This is another reason why I like TypePad: It's always up to date and I never have to worry about keeping the software up-to-date. Typepad takes care of that.
Since I'm on the subject of security, the biggest vulnerability of a Wordpress blog is typically the username: When you install Wordpress, it automatically creates an administrator account with the username 'admin'. If you don't change it, you've just cut the hacker's problem in half. The first thing you should do upon installing Wordpress is to create a new administrator account with a unique name and delete the 'admin' account.
And then there's your FTP account
If you host your own blog (using Wordpress, for example) don't forget about the security of your FTP account. FTP is the method for uploading and downloading files to and from your server. (If you installed Wordpress on your server, FTP is the tool you used to get the files onto your server in the first place.) If your FTP account password is compromised it may take days to figure it out. Make sure you have a good strong password there too.