There's cheaper Cpanel based hosts out there than Bluehost that provide far better hosting, customer and technical support, and they do so by not overpromising with some absurd promise like "unlimited" anything. Every client I've ever dealt with who's used Bluehost I've found myself recommending they move away from them due to SQL server problems and general issues... they're officially 0-5 in my book now. (
Here's a more technical detailing of the problems with Bluehost.)
Look into A Small Orange instead, and if you're using Wordpress, simply offload your photos to Picasa or Flickr and use a plugin such as
Photonic Gallery. Also take advantage of Cloudflare to offload bandwidth further, fortunately if you use ASO's DNS servers, it's easy to turn on Cloudflare support from within Cpanel.
As for reducing spambots and comments, making the site more secure, and easing restoration in case it gets compromised (and Wordpress can and will get compromised given enough time - but that can be said of any scripted CMS)... what I currently recommend is the following set of plugins:
Anti-spam
AVH First Defense Against Spam Plugin
Bad Behavior
CloudFlare
Google Authenticator
iThemes Security
Online Backup for Wordpress
None of the humans who post to my hole in the wall have a problem doing so, but I haven't seen so much as a spam comment in over a year, and according to logs, bot traffic only accounts for about 10-20% of overall traffic. Of course, I tweaked .htaccess and robots.txt a bit as well on top of all this, but I don't mind sharing what I did if asked.