WordPress security by ultimate obscurity
Securing WordPress involves a two-pronged campaign, commissioning solid defenses to control access, with assistive distractions to confound the attacker.
These defences, for example, begin with impermeable code and are complimented with things such as a firewall and strong passwords. The distractions, on the other hand, protect nothing directly but, by obscuring information that would otherwise aid an attack, they nonetheless back up the first line of defence.
For instance, say you've got WordPress 3.x.x, the latest version is 3.x.y, and for whatever reason you haven't yet upgraded. Along comes a hacker who knows how to exploit a weakness in 3.x.x. You do have a fallback though: you've hidden your WordPress version. The hacker could still try, successfully, to exploit your site but, rather like an (empty!) alarm housing that persuades a thief to burgle the neighbor instead, the confusion you provide is enough to sway the hacker to seek out a more obvious...
