Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold" Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
The how to fix hacked wordpress site Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either via an FTP client or within the administrative page from your web host.
Also, don't make the mistake of thinking that your web host will have your back as far as WordPress copies go. Not always. It has been my experience that the hosting company read the full info here may or may not be doing proper backups while they say that they do. Take that kind of chance?
Exclude pages - This plugin adds a checkbox,"include this page in menus", which is checked by default. If you uncheck it, the page will not appear in any listings of webpages (which contains, and is usually limited to, your page navigation menus).
Now we are getting into matters. Whenever you install WordPress, you have to edit the file config-sample.php and rename it to config.php. You want to set up the database information there.
Oh . And incidentally, I talked about plugins. When you get a plugin, make sure it's great post to read a secure one. Don't install any plugin just because the owner is saying on his website that plugin will allow you to do that or this. Use maybe, or a test site to check the plugin get a software engineer to analyze it carefully. This way you'll know it is not a threat for your organization or you.