@Ipstenu, good point, but being in the security business for a number of years now, I can say that not all hackers are that clever. What I've seen are bots hitting my sites with preloaded scripts to attempt to hack into my database, assuming the prefix is wp_.
They also blindly hit them hoping to guess that I'm using an out of date theme, plugin, WordPress version, etc.
So you are right that a very skilled hacker could figure out a way, but I have multiple examples from my own sites (from blocked attack alerts) that show quite a number of times the hacker is guessing using automated software.
@protechig - If you'd like to chat about security, feel free to contact me. I've had sites hacked before and have a set number of things I always make sure to do to "help" with security. Aside from that, here are a few tips:
1. Security always starts with the person/site owner. Being aware that this is a problem and taking steps to safeguard yourself and be prepared is top of the list.
2. Keep WP up to date - always.
3. Don't trust free templates/themes. I'm not sure what sort of security checks themes in the WordPress.org section have in place (maybe someone can enlighten us), but I've seen lots of examples where free themes include some nasty code.
4. Be careful what plugins you use, for the same reason I gave for themes. Try to use reputable plugins, if possible.
5. I suggest changing your db prefix. Like I mentioned above, I've seen multiple instances where jerks try to hack my site by guessing that's my database prefix and WordPress is out of date.
6. Don't use free Wi-Fi. People can hack your computer, intercept your WordPress login if you choose to log in over free Wi-Fi, etc.
7. Use a good computer firewall and antivirus. Remember, keeping your WordPress blog secure involves more things than what you do to WordPress.
8. Never use unencrypted FTP. Use one of these instead: