Wordpress Security and Hardening

Looking for advice on how to harden wordpress against bruteforce and other types of attacks. Recently had mattpawlygolf.com brute attacked and compromised, spam sending and inserting of urls into posts. Got it all cleaned up and toughened the passwords.

Suggestions for tightening it up some more.