Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold" Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
Since scare tactics appear to be at least start considering the issue, or what drives some people to take fix wordpress malware fix a bit more seriously, allow me to shoot a scare tactics your way.
There are ways to pull off this, and a lot involve copying and FTPing files, exporting and re-establishing databases and much more. Some of them are very complex, so it's imperative that you select the one that is right. Then you may want to check into using a plugin for WordPress backups, if like ithave a peek at this site you're not of the technical persuasion.
You should also set the"Anyone Can Register" in Settings/General to away, and you should have some sort of spam plugin. Akismet is the old standby, the one I use, but there are lots of them these days.
BACK UP your site and keep a copy on your own computer and storage. For those who have a website that is very active, back up daily. You spend a lot of time and money on your website, don't skip this! Is BackupBuddy, no back up database, widgets, plugins and your files. Need to move your site this will do it in under a couple of minutes!
However, I recommend that you set up the Login LockDown plugin rather than any.htaccess controls. That will stops login requests from being allowed from a certain IP-ADDRESS for an hour or so after three failed login attempts. If you accomplish this, it is still possible to access your admin mobile while and yet you still have protection against hackers.