A list of vulnerabilities in WordPress versions. Very useful.
AskApache Password Protect is a WordPress plugin which uses .htaccess and other methods to block some common WordPress attacks. Some of the options get in the way of functionality, but many do not and will help.
An article from Noupe.com on securing WordPress installations. Some general tips such as restrict by IPs, block repeated failed logins, disallow directory listings, block access to wp-config.php, etc.
WP Security Scan is a WordPress plugin which scans your WordPress installation for security vulnerabilities and suggests corrective actions.
Article on WordPress security by TechCrunch. Good post encouraging people to keep their version up to date, etc.
Tripwire monitors files on the filesystem for changes as a method of intrusion detection. Similar systems include AIDE and Samhain. Useful for detecting web site hacks.
Donncha writes a useful article on detecting if your site has been hacked, monitoring systems to check for hacks, and how to secure your site to avoid future hacks.