Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold." Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
Install the repair hacked wordpress site Firewall Plugin. Stop and this plugin investigates net requests to recognize attacks that are most obvious.
No software system is resistant to bugs and vulnerabilities. Security holes will be discovered and bad guys will do their best to exploit them. Keeping your software up-to-date is a good way once security holes are found because their products will be fixed by software sellers.
1 step you can take is to delete the default administrator account. This is important because if you do not do it, a user name that they could try to crack is known by malicious user.
Now we are getting into matters specific to WordPress. Whenever you install WordPress, you need to edit the document config-sample.php and rename it to config.php. You want to install the database details read review there.
However, I recommend that you install the Login LockDown plugin in place of any.htaccess controls. From being allowed after click for info three unsuccessful login attempts from a certain IP address for an hour login requests will stop. If you do that, you may get into your admin panel while and yet you still have protection against hackers.