Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold." Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
By default, the latest version of WordPress is pretty darn secure. The development team of WordPress has considered anything which may have been added to some how to fix hacked wordpress site plugins. Before, WordPress did have holes but now most of them are filled up.
Also, don't make the mistake of believing that your hosting company will have your back so far as WordPress copies go. Not always. It has been my experience that the company may or might not be doing proper backups while they say that they do. Why take that kind of chance?
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it there if it can't be found in the root directory. Also, nobody will be able to read the document unless they've FTP or SSH access to your server.
You can get an SSL Encyption Security to your WordPress blogs. The SSL Security makes encrypted and secure communications with your blog. So that all transactions are listed, you may keep history of communication and the all the cookies. Be certain all your sites get SSL security for maximum protection from hackers.
Bear in useful site mind the safety of your blogs depend on how you handle them. Make certain that you follow these tips to prevent exploits and hacks on your own blogs and sites.