Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold" Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
By default, the latest version of WordPress is pretty darn secure. The development team of WordPress has considered anything that might have been added to some fix wordpress malware removal plugins. In the past , WordPress did have holes but most of them are filled up.
This is great news because it means that there's a community of developers and users who could enhance the platform. However there is a big group of people trying to achieve something, there will always be people who will attempt to take them down.
Move your wp-config.php file up one directory from the WordPress root. WordPress will search for it if it can't be found in the root directory. Additionally, nobody else will be able to read the file unless they have SSH or FTP access.
If you aren't currently running the latest version of WordPress, upgrade. Leaving your website is like maintaining your door unlocked when you leave for vacation.
Using a plugin for WordPress security just makes you can try this out sense. WordPress backups will need to be carried out on a regular basis. Do not become a victim because of not being proactive about your own site!