Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold" Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
I back my blogs regularly using a free plugin WP DB Backup up. I will always restore my blog if anything happens. I use my blog to be scanned by WP Security Scan free plugin regularly and WordPress Firewall to block suspicious-looking asks to repair hacked wordpress site.
No software system is immune to bugs and vulnerabilities. Security holes will be discovered and guys will do their best to exploit them. Keeping your software up-to-date is a good way to stave off attacks, because reliable software sellers will fix their products once security holes are found.
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it there if it cannot be found in the root this website directory. Also, nobody will have the ability to read the document unless they've FTP check my source or SSH access.
Another step to take to make WordPress more secure is to upgrade WordPress to the latest version. The main reason for this is that moved here with every update there come fixes for security holes that are old which makes it essential to upgrade early.
Do your homework and some hunting, but if you're pressed for time and want to get this try out the WordPress security plugin that I use. It is a relief to know that my website (and company!) are secure.