I have had two WordPress blogs. That was at a time when I was doing almost no online advertising, and until I found time to deal with the situation (weeks later), these sites were penalized in the main search engines. They were not eliminated the ratings were reduced.
The secure your wordpress website Codex has an outline of what permissions are okay. File and directory permissions can be changed either via an FTP client or within the administrative page from your web host.
The more powerful approach, and the one I recommend, is to use one of the password generation and storage plugins available for your browser. People like RoboForm, but I think after a trial period, you need to pay for it. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer check this site out or Firefox. That will generate internet passwords for you.
You also need to place the"Anyone Can Register" in Settings/General to off, and you ought to have some sort of spam plugin. Akismet is the one I use, the old standby, but there are lots of them these days.
As I (our untrue Joe the Hacker) understand, people have far too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, web hosting, etc. accounts that all include logins and passwords you need to remember.
These are only some. Thing is that they don't require much time to do. These are also simple options, which can be carried out.