It’s easy: go to WordPress homepage and download package. Install it in two steps and start growing. But, now, you have to take care of security aspect of your blog. There are lots of plugins that can help you. Here there is my short list.
AskApache Password Protection
AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. plugins as well. Imagine a HUGE brick wall protecting your frail .php scripts from the endless attacks of automated web robots and password-guessing exploit-serving virii. Forget spam, these millions of zombie bots are too outrageous to ignore, they are attempting known (but strangely outdated) exploits looking for known vulnerabilities against blogs and other Internet software. Sooner or later some poor blogger is going to miss an upgrade and become a victim to this type of video-game-like-attack.
Little help to secure your WordPress installation: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.
WordPress File Monitor
Monitors your WordPress installation for added/deleted/changed files. When a change is detected an email alert can be sent to a specified address.
Invisible Defender is a WordPress plugin, which protects registration, login and comment forms from spambots by adding two extra fields hidden by CSS. This approach gave me 100% anti-spam protection on one of my sites.