Preserve headers/logos underneath 125 pixels high. It takes up beneficial viewing space, primarily for laptop users, that is ideal left for the good stuff to appear"above the fold" Take a cue from the massive businesses, straightforward logos completed nicely say it all. This is our #1 pet peeve - screaming logos and headers!
Cloning your website is another level in how to fix hacked wordpress which can be very useful. Cloning simply means that you've backed up your website to a totally different place, (offline, as in a folder, in order to not have SEO problems) where you can get it at a moment's notice if necessary.
I might find their explanation it a little more difficult to crack your password if you're one of the proactive ones. But if you're among the responsive ones, I might get you.
Harness Scanner goes through the files on your site post, comment and database tables. You are like this also notified by it for plugin names that are unusual. It does not remove anything, it simply warns you.
Now we are getting into matters specific to WordPress. You must rename it to config.php and modify the document config-sample.php, when you install WordPress. You need to set up the database facts there.
Those are three things you can do to keep WordPress secure without plugins. Put a more information blank Index.html file in your folders, run your web host security scan and backup your whole account.