Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold." Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
Install the clean hacked wordpress site Firewall Plugin. This plugin investigates net requests with heuristics that are straightforward to identify and stop attacks that are most obvious.
Don't make the mistake of believing that your hosting company will have your back so far as WordPress copies go. Not always. It's been my experience that the company may or might not be doing backups while they say they do. Why take that kind of chance?
Luckily, keeping your WordPress site up-to-date is one of the easiest things you can do. For the past couple of versions, WordPress has included the ability to install automatic updates. Not only that, but websites are notified every time a new update becomes available.
BACK UP your website and keep a copy on your computer and storage. For those who have a very active site, back. You spend a lot of money and time on your website, don't skip this! The one solution that does it all is BackupBuddy, no additional plug-ins back up widgets your documents, plugins and database. Need to move your website to another host, this will do it!
Do your homework and some hunting, but if you are pressed for time and want to get this done once and for all, try Get More Information out the WordPress safety plugin that I use. It is a relief to know that my site (and company!) are secure.