As to email spam, that's a different subject. For that, I particularly like setting up separate emails addresses for different purposes — such as an email address solely for Facebook, etc. — so that, even if that email address starts getting a lot of spam, I can just change it.

Also, running a spam detection program on your web hosting account, such as Spam Assassin, is very useful. I get very little email spam in my inbox (although I suspect that my server blocks the bulk of it, so I never see it).

Unless you're asking about server spam blockers, or something else …

And your last sentence there says everything: "Its all very well and good screaming about HTML validation and Web 2.0, but its more important to have standards on your server-side, because this is where you are going to get hacked."

Thanks.

Some other things it is good to to are:

*Block access to the admin either by password protecting the directory or only allowing access to it from an IP.
*Block access to all folders that only hold server-side scripting.
*Remove "Powered by WordPress" from the footer as hackers and spammers use this to harvest WP blogs from Yahoo.
*Also remove the generator tag from the WP feed which gives away your WP version.

However, the best thing to do would be to move away from WordPress. WP has a long history of security exploits and the guys who are making it are not only not keyed up on php, session and database security. They also have some of the worst programming standards I have seen since osCommerce. Its all very well and good screaming about HTML validation and Web 2.0, but its more important to have standards on your server-side, because this is where you are going to get hacked.