Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold" Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
Since scare tactics appear to be what drives some people to take fix malware problem a little more seriously, or at the very least start thinking about the problem, let me shoot a couple of scare tactics your way.
Truth is, if your own website is targeted by a master of this script, there is no way. What you are about to read below are some precautionary measures you can take to quickly minimize the threat to an acceptable level. Odds are a hacker would prefer picking easier victim, another if your WordPress site is protected.
Move your wp-config.php file up one directory from the WordPress root. WordPress will search informative post for it if it can't be found in the main directory. Also, nobody will be able to read the file unless they've FTP or SSH access to your server.
Install the WordPress Firewall Plugin. Prevent and this plugin investigates web requests with WordPress-specific heuristics that are simple to identify attacks.
However, I advise that you set up the Login LockDown plugin as opposed to any.htaccess controls. Login requests will be stopped by that from being permitted from a certain IP-ADDRESS for an hour or so after three unsuccessful login attempts. You can still access your mobile while and yet you still have great protection against hackers, if you accomplish that.