Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold." Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
Let me shoot a couple of scare tactics your way since scare tactics appear to be what drives some people to take fix wordpress malware virus a little more seriously, or at least start considering the problem.
Truth is, if your own site is targeted by a competent master of the script, there is no way. What you are about to read below are some measures you can take to minimize the risk to an acceptable degree. If your WordPress site is protected chances are a hacker would prefer picking another.
There's a section of config-sample.php that's headed"Authentication Unique Keys." There are. There's a hyperlink inside that part of code. You need to enter that link into your browser, copy the contents that you get back, and replace the keys you have with the unique, pseudo-random keys offered by the site. This makes it harder for attackers to automatically read this generate a"logged-in" cookie for your site.
Can you see that folder Imagine if you visit WP-Content/plugins? If so, upload that blank Index.html file into that folder as well so people can't view what plugins you have. Because even if your existing version of WordPress is up to date, if you're using a plugin or an old plugin using a security hole, someone can use this to get access.
Utilizing a plugin for WordPress security makes sense. WordPress backups need to be performed on a regular basis. Don't become a victim of not being proactive as a result!