Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold" Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
I back my blogs regularly using a plugin WP DB Backup up. I will always restore my website if anything happens. I use WP Security Scan plugin that is free to scan my site and asks that are suspicious-looking to be blocked by WordPress Firewall to fix wordpress malware plugin.
I might find it a little more difficult webpage to crack your password if you're one of the ones that are proactive. But if you're among the ones that are reactive, I might just get Resources you.
Move your wp-config.php file up one directory from the WordPress root. WordPress will look for it if it cannot be found in the root directory. Also, nobody else will be able to read the Resources file unless they have SSH or FTP access.
Black and whitelists pathological-looking phrases based on which field they look within, in a page request. (unknown/numeric parameters vs. known article bodies, comment bodies, etc.).
Just make sure that you may schedule, and you decide on a plugin that's current with release and the current version of WordPress, restore and replicate.