Keep headers/logos under 125 pixels high. They take up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear "above the fold." Take a cue from the big companies: simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
Allow me to shoot a few scare tactics your way, since scare tactics appear to be what compels some people to take securing your WordPress website a bit more seriously, or at least start considering the issue.
Use strong passwords - Do your best to use a strong, alphanumeric password. Easy-to-remember passwords are also easy to guess!
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. If you make additions and changes to your website, definitely more. If you have a community of people who are in there all the time, or make changes multiple times every day, a backup should be a minimum.
Install the WordPress Firewall Plugin. This plugin inspects web requests to recognize and stop the most obvious attacks.
Utilizing a plugin for WordPress security makes great sense. WordPress backups will need to be carried out on a regular basis. Don't become a victim as a result of not being proactive about your own site!