Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold." Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
how to fix hacked wordpress will also tell you that there is no htaccess from the directory. You can put a.htaccess file into this directory if you wish, and you can use it to control access by IP address to the wp-admin directory or address range. Details of how to do that are available on the internet.
No software system is immune to vulnerabilities and bugs. Security holes will be found and bad guys will do their best to exploit them. Keeping your software up-to-date is a good way to stave off attacks, because reliable software vendors will fix their products once security holes are found.
In case you ever want to migrate your site elsewhere, like a new hosting company, you'd be able to pull this off without a hitch, and also without needing to disturb your old site until the new one was in place and ready to roll.
Whitelists pathological-looking phrases and black based on which field they appear within, in a find more info page request. (unknown/numeric parameters vs. known article bodies, comment bodies, etc.).
Oh . And incidentally, I was talking about plugins. When you get a new plugin, make sure it's a safe one. Don't install any plugin because the owner is saying on his website that plugin will allow you to do that or this. Use a test site to check the plugin, or perhaps get a software engineer to analyze it. This way you'll know it is not a threat for your organization or you.