> Secondly do you guys have any advice on more security of WP. i have heard > that word press is kind of week in security. maybe i am wrong but i have > heard that. I've had no problems in several years of hosting WP. I do recommend NOT using the Debian package for WordPress. For security and also better features, use the most recent version available at wordpress.org. Installation is actually only slightly harder than the Debian package--their claim of a 5-minute install is totally valid.
I would echo the comment about installing from source. After doing so, Wordpress includes functions for installing plug-ins, updating both the base software and plug-ins from upstream, and so forth.
Re. security: I find that our site gets hit rather frequently by various kinds of distributed attacks. Wordpress is a very popular target for automated software that tries to crack it, spam it, and install spambots. I've found it very helpful to install several plug-ins that provide various forms of firewall and blocking functions. In particular:
Akismet: anti-spam, comes in the basic install, but needs to be configured iThemes Security - blocks brute force login attacks and such VSF Simple Block - adaptive firewall Wordpress Firewall 2 - another firewallNOTE: These help, but if you end up on the attacking end of a distributed bot attack, it's likely that your Apache server will get hosed -- at times, I've had to tune Apache (number of concurrent processes, number of concurrent queries), to keep our server from getting so overloaded that it crashes.
Also: BackWPup is a nice auto-backup tool Miles Fidelman