Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold" Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
Besides text and the graphics you're creating, you're going to need a protection and backup option for your new website. how to fix hacked wordpress is quite significant, and if you do not protect and back up your website you could lose important data and information which may be hard to restore. You don't want to need to start over from scratch after you've done all that work, so be sure you're secure.
The one I recommend, and the more powerful approach, is to use one of the password creation and storage plugins available on your browser. Many people like RoboForm, but I believe after a trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate secure passwords for you; then you use one master password to log in.
Keep your WordPress Setup to date - One of the simplest and most valuable tasks you can do yourself is to ensure that your WordPress installation is upgraded. WordPress provides a notice in your dashboard to you, so there is really no reason.
BACK UP your website regularly and keep a copy on your own computer and storage. Back up daily, For those who have a website. You spend a whole lot of time and money on your website, don't skip this! Is BackupBuddy, no back up widgets your files, database and plugins. Need to move your website to another host, this will do it in under a few minutes!
There is another problem you have review with WordPress. People always know they could visit with your login form and where they can login and try a different combination of user accounts and passwords out. In order to stop this from happening you need to set up Login Lockdown. It's a plugin that lets users attempt to login with a password three times. After wikipedia reference that the IP address will be banned from the server for a specific timeframe.