WordPress has a very rich set of plugins and a combination of them can make anti-spam in WordPress quite easy. Here is a list of plugins that can help prevent spammers from registering spam account (if the site allows registration of new users) and posting spam comments.
Anti spam comments ∞
Use the Akismet WordPress plugin.
Anti spam user registration ∞
Use the Math Captcha WordPress plugin.
The Captcha plugin allows you to protect the website from spam by asking the users to do a math calculation in the login, registration, password recovery and comments forms.
Anti brute-force password cracking ∞
WordPress allows unlimited login attempts by default which allows passwords (or hashes) to be brute-force cracked. The Limit Login Attempts plugin temporarily blocks the Internet address after a specified limit on retries from that IP is reached, and makes the brute-force password cracking difficult.
With these plugins, the WordPress installation should be able to handle most of the spams seen by small sites.