Preserve headers/logos underneath 125 pixels high. It takes up beneficial viewing space, primarily for laptop users, that is ideal left for the good stuff to appear"above the fold" Take a cue from the massive businesses, straightforward logos completed nicely say it all. This is our #1 pet peeve - screaming logos and headers!
fix wordpress malware virus will even tell you that there's not any htaccess from the directory. You may put a.htaccess file if you wish, and you can use it to control access from IP address to the directory or address range. Details of how to do this are available on the internet.
There are ways to pull this off, and a lot involve copying and FTPing files, exporting and re-establishing databases and much more. Some of them are very complicated, so it is important that you select the one that is best. If you're not of the technical persuasion, then you may want to check into using a plugin for WordPress backups.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. Definitely if you make changes and frequent additions to your site. If you make changes multiple times a day, or have a community of people which are in there all the time, a daily backup should be a minimum.
Can you see that folder, what if you go to WP-Content/plugins? If so, upload this blank Index.html file into that folder as well so people can't see what plugins you have. Because even if your existing version of WordPress is current, if you're using a plugin or an old plugin with a security hole, then someone can use that to get access.
Bear in mind the safety of your sites depend on how Clicking Here you manage them. Be certain that you follow these strategies that are simple to avoid hacks and exploits on websites and your blogs.