The most important thing is strong password selection. Most WordPress hacks are brute force password attacks. Remember, a strong password is one that is long, not necessarily one with special characters and all that crap that people think makes them strong. This xkcd explains it really well:
http://xkcd.com/936/
Now, aside from that, the other thing I do on my sites and my clients' sites is to install the Limit Login Attempts plugin to give further protection against brute force login attempts.
Also, get and use an automatic database backup plugin so you aren't relying on your host to have a backup.
Other things:
Create a second administrator account and delete the first one, so that you don't have a "user 1" in your database. And don't use 'admin' as the username.
Keep your plugins, themes and WP install up-to-date, even on sites that you maybe don't use or actively post on any more. Use only quality plugins and themes from authors with a good reputation and solid support (updates are a good indicator of this, as is a forum presence).
These are the main things that come to mind, but if I think of more, I'll post again. Really the biggest thing is password security.