Wordpress security functions for paranoid folks. (themes functions.php and .htaccess). Take what you want, leave what you think should be added to it.
The WordPress Security White Paper, available directly on the WordPress.org site at https://wordpress.org/about/security/
A static code analysis for WordPress (and PHP)
A fork of the long-abandoned SWFUpload project, maintained by WordPress and others to ensure that a secure version of SWFUpload exists. Report security vulnerabilities to email@example.com.
WAF for WordPress with 60+ security checks and weekly updates
WordPress static site generator for security, performance and cost benefits
CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
WordPress Plugin Security Testing Cheat Sheet