Recently two sites I've built on Wordpress were hacked. Cleaning these sites is no picnic. There are numerous blog entries on securing WordPress. Though they all say different things which makes me think that there is no consensus/best practice on how to do this.

Are there other platforms that are more secure?
Do you have a successful formula for securing WordPress installs?

I used to use a CMS that I built myself. It doesn't have all the bells and whistles that WordPress has, but it is easy to configure and does most of what I need it to do. I've set up over 200 sites with it, and it never got hacked. Security through obscurity...