Keep headers/logos under 125 pixels high. They take up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear "above the fold." Take a cue from the big companies: simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
Finally, fix wordpress malware fix will even tell you that there is no .htaccess file in the directory. You may put a .htaccess file in this directory if you wish, and you can use it to control access to the directory by IP address or address range. Details of how to do that are readily available on the net.
Safeguard your login credentials - Don't keep your login credentials where a hacker could find them. Store them off, and even offline. RoboForm is also good for protecting them. Food for thought!
A snap to move - If, for some reason, you want to relocate your website, such as for a domain name change or a new web host, having your files at your fingertips can save you oodles of time, headache, and the need for tech help.
Whitelists and blacklists pathological-looking phrases based on which area of a page request they appear in (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
However, I advise that you install the Login LockDown plugin in place of any .htaccess controls. After three unsuccessful login attempts from a certain IP address, login requests from that address will stop being permitted for one hour. If you do so, you can still get into your admin panel while away from your workplace, and yet you have great protection against hackers.