There are really two major factors in properly securing a website. The first is at the server level and requires your website hosting company to be at the top of their game. This is why I use Siteground.com exclusively and you may read more about how I setup your website hosting here. When creating your new website I have several applications purchased and installed at the server and application level like Site Scanner.
The second area is the website itself. I use RSFirewall in every website. This commercial extension is the best-of-breed real-time protection for your website. RSFirewall! is the most advanced security service that you can use to protect your website from intrusions and hacker attacks.
Here are some of the protections and benefits.
- Stay protected through SQL, XSS and LFI filters
- Hardens your website's security
- Scans your files for malware
- Automatically block IPs that attack your website
- Block access to specific countries
- Keep track of attackers and blacklist them
- Password-protect your administrator folder
- Spam protection for forms
- Block brute-force attacks
- Lockdown your site
- Database check
- Keeps up to date