Keep headers/logos under 125 pixels high. They take up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear "above the fold." Take a cue from the big companies: simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
Finally, installing the clean hacked WordPress site Scan plugin will check all this for you and alert you to anything that you might have missed. Additionally, it will tell you that a user named "admin" exists. Of course, that is your user name. If you desire, you can follow a link and find instructions for changing that name. I personally think that a strong password is good enough protection, and because I followed those steps, there have been no attacks on the blogs that I run.
I might find it somewhat more difficult to crack your password if you're among those who are proactive. But if you're one of those who are responsive, I might just get you.
You must first create a user with administrator rights before you can delete the default admin account. To do this, go to your WordPress Dashboard and click on User -> Create New User. Enter all the information you need to enter.
You could get SSL Encryption Security for your WordPress blogs. SSL Security makes communications with your blog secure and encrypted. You can also keep all the cookies and history of communication so that all transactions are recorded. Make sure all your sites get SSL security for protection.
Using a plugin for WordPress security makes great sense. Backups need to be performed on a regular basis. Don't become a victim of not being proactive about your 16, because!