@geoffrey-gordon WordPress security is a tough one. WordPress has their own guide to hardening your installation (http://codex.wordpress.org/Hardening_WordPress). StudioPress also has a guide (http://www.studiopress.com/tips/wordpress-site-security.htm). There’s tons of plugins and tips out there – one thing you have to keep in mind is that the more security you put in, the harder it is to do things like update, add new plugins, etc. 

There’s also VaultPress (http://vaultpress.com/) - it’s a backup / security tool you can use. It’s not too bad if you have just one or two domains, but it can get really pricey if you have more.

Thanks  @kristi-hines and  @richardmclaughlin. I have been using a two particular solutions at this point. 

1. http://www.infinitewp.com which allows me to manage as many websites as i want, it does backups and restore, updates all plugins and themes. 
   Their premium stuff that’s coming up soon looks really good.
2. Other than that i have been using the  Better WP Security to keeps my blogs secure it looks good, but just because of what other say. Not entirely sure if it’s bullet proof.

@geoffrey-gordon The advice you got from @kristi-hines is right on. Use the info in the WordPress codex to educate yourself.

Earlier this year, my business website was hacked 4 times in 3 months. During that time, I got quite an education. But even after I learned all I could, and followed everything I had learned, my site was still hacked one more time. In spite of my best efforts.

With that hack, I learned that some plugins leave the back door standing wide open. It’s hard to find which plugins are so poorly written that they introduce security risks. But they exist, and you might be using one (or more) of them.

In the end, I purchased a year of protection from Sucurri for just under $100. They monitor my site and let me know when they find it has been hacked, which happened one other time. They agree to fix it within a few hours, I think within 4 hours.

If you have a serious business site, not just a hobby site, where you are generating income and providing services 24/7, you need to address WordPress security. If it doesn’t matter if you site goes down for a day or so, and you have a habit of creating nearly daily backups so you can restore, you are okay, too.

I recently discovered that WPEngine, a WordPress managed hosting service, includes the same services I get from Sucurri in their monthly hosting fee. FYI

You should also use login lockdown to prevent unauthorized people from logging into your database. Above all else, make sure you back up your site, comment and every plugin.