Preserve headers/logos underneath 125 pixels high. It takes up beneficial viewing space, primarily for laptop users, that is ideal left for the good stuff to appear"above the fold." Take a cue from the massive businesses, straightforward logos completed nicely say it all. This is our #1 pet peeve - screaming logos and headers!
By default, the latest version of WordPress is pretty darn secure. Anything that might have been added to any fix wordpress malware scanner plugins has been considered by the development team of WordPress . Before, WordPress did have holes but most of them are stuffed up.
Also, don't make the mistake of believing that your hosting company will have your back as far as WordPress copies go. Not always. It's been my experience that the hosting company may or may not be doing proper backups, while they say that they do. Why take that kind of chance?
You also need to set the"Anyone Can Register" in Settings/General to off, and you ought to have some type of spam plugin. Akismet is the one I use, the old standby, but there are lots of them these days.
As I (our untrue Joe the Hacker) understand, people have far too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, internet hosting, etc. accounts which all come with logins and passwords you will need to remember.
There is. People know you could try this out where they can login and they could just drop by with your login form and try outside a different combination of user accounts and passwords. So as to prevent this from happening you want to install Login Lockdown. It is a plugin that lets users attempt and login with a wrong password three times. Following that the IP address will be banned from the server for a specific timeframe.