Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold." Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
If you do not have good protection on your website files can easily get lost. A few of those files may be stored on your computer and easily replaceable, but what about the rest of them? Where will you get them out of again, if you lose them the first time? Especially for sites that have been in business for a long time, fix hacked wordpress database is vital. Often, long-term sites have made a number of files and have a good deal of data. Recreating all of that are a nightmare, and not something any business owner would like to do.
If you're one of the ones that are proactive, I might find it somewhat harder to crack your password. But if anonymous you're one of those ones that are reactive, I might get you.
Maintain control of your assets - Nothing is worse than having your livelihood in someone else's hands. Why take chances with something as important as your site?
Along with adding a secret key to your wp-config.php file, also consider altering your user password into something that is strong and unique. WordPress will tell you the strength of your password, but a good idea is to avoid phrases, use upper and lowercase letters, and include numbers. It's also a good idea to change your password regularly - say once every six months.
Don't use wp_ as a prefix for your own databases. Most web hosting providers are eliminating that default but if yours doesn't, fix wp_ to anything but that.