WordPress has a very rich set of plugins and a combination of them can make anti-spam in WordPress quite easy. Here is a list of plugins that can help prevent spammers from registering spam account (if the site allows registration of new users) and posting spam comments.
Anti spam comments
Table of Contents
Use the Akismet WordPress plugin.
Anti spam user registration
Use the Math Captcha WordPress plugin.
Anti brute-force password cracking
WordPress allows unlimited login attempts by default which allows passwords (or hashes) to be brute-force cracked. The Limit Login Attempts plugin temporarily blocks the Internet address after a specified limit on retries from that IP is reached, and makes the brute-force password cracking difficult.
With these plugins, the WordPress installation should be able to handle most of the spams seen by small sites.