Keep headers/logos under 125 pixels high. They take up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear "above the fold." Take a cue from the big companies: simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
Allow me to send a few scare tactics your way, since scare tactics appear to be what compels some people to take fixing a hacked WordPress site a bit more seriously, or at least to start considering the problem.
Well, we are talking about WordPress, but what's the point of performing security checks and upgrades if your own computer is in danger from hackers? There are files that can carry keyloggers. When this happens, no matter what you do, they can easily access everything that you type on your keyboard. You can find plenty of good antivirus programs online. Look for an antivirus program or ask experts.
One step you can take is to delete the default administrator account. This is critical because if you don't, malicious users already know a user name that they can try to crack.
Whitelists and blacklists phrases based on which area they appear in (unknown/numeric parameters vs. known post bodies, site comment bodies, etc.).
Do not use wp_ as the prefix for your own database tables. Most web hosting providers are eliminating that default now, but if yours does not, change wp_ to anything else.