Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold." Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
Installing the repair hacked wordpress site Scan plugin will check most of this for you, and alert you that you might have missed. It will also tell you that a user named"admin" exists. Needless to say, that is the administrative user name. If you wish, you can follow a link and find instructions for changing that title. I personally believe that a password is good enough protection, and there have been no attacks on the numerous blogs that I run, because I followed these steps.
Is also significant. You want to backup database and all the files you can bring your own site back like nothing happened.
While it's an odd term, it represents a task: making a WordPress copy of your website to work on offline, or in case something should go amiss. We are not the original source only being obsessive-compulsive here: servers go down every day, despite their promises of 99.9% uptime, and if you've had this happen to you, you understand the fear is it can cause.
Now we are getting into things specific to WordPress. You have to rename it to config.php and alter the file config-sample.php, when you install WordPress. You need to deploy the database facts there.
Do your homework and some hunting, but if you are pressed for time and need to get this done once and for all, try out the WordPress security plugin that I use. It's a relief to know that my site (and company!) are secure.