Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold" Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
By default, the latest version of WordPress is pretty darn secure. The development team of WordPress has considered anything that might have been added to some fix wordpress malware virus plugins. In the past , WordPress did have holes but now most of them are stuffed up.
Safeguard your login credentials - Don't keep your login credentials where a hacker might find them. Store them off, as well as offline. Roboform is for protecting them very good , too. Food for thought!
Is to delete the default administrator account. This is important because if you don't article do it, a user name which they could try to crack is already known by malicious user.
Phrases that were whitelists and black based on which field they look within. (unknown/numeric parameters vs. known article bodies, remark bodies, etc.).
Do your homework and some searching, but if browse this site you are pressed for time and need to get this try out the WordPress security plugin that I use. It's a relief to know that my website (and company!) are secure.