I've been working exclusively with WordPress for over 5 years and I just wanted to give a thumbs up for the new Bullet Proof Security plugin.
As someone who builds WP sites for clients and then trains them and turns the management over to them, Bullet Proof Security is extremely user friendly and causes me no headaches with lots of questions and "messages" that don't ever resolve themselves without me having to stop what I'm doing and fool around in FTP moving .htaccess files around and such.
There are several good security plugins out there, some do more and some do less. This one just about does it all. I'm really looking forward to the Pro version that should be coming out soon.
If you have clients, especially the ones that call you every time Google puts out a press release, or they get an "update" message -- I would recommend Bullet Proof security.