I host on NearlyFreeSpeech.net and their service and value (for moderate traffic volume sites) is awesome. But they are a fiddle under the hood host and not everything works without some tuning. WordPress takes some work and automatic updates aren’t possible without some permission changes. Some people just open everything up (777) which opens their site right up to attack. Here’s a post that explains how to change permissions without leaving the barn door wide open.
Now on to straightforward WP security. Check out WP Security Scan, a WP plug-in to quickly give you cues and clues on securing your specific WP site.