TheOptimizationIdiot - 4:38 pm on Apr 5, 2013 (gmt 0)
Keeping ANY software patched up and current becomes even more important.
^^^ This, plus I think it also makes a case for going extensionless (or to a "static" .htm / .html extension), stripping all query strings, "double scrubbing" any POST variables, turning any headers that expose underlying technology off or over-writing them with something generic, password protecting or "internal sub-domaining" anything other than visitor necessary pages, and basically making it more difficult for anyone to know what makes a site "tick" from the back end or even access anything other than URLs that don't allow for manipulation if they do figure it out.
Some of that's probably "over the head" of quite a few people, but unfortunately it looks like it's becoming increasingly important to be up on tech and know exactly what everything that allows external access does.
On one of the sites I've been working on I've gone so far as to correct extensions to .html (that's what they've been for years) regardless of what someone types in or links to (extensionless, .htm, .php, .something-else all end up at .html which is Not parsed as php or anything else), stripped all query strings and Forbidden POST requests for any URL that does not actually process a form. All forms are also scrubbed heavily and tend to "error and say call us" a bit more easily than most I've seen.
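The request policy described in the post above (extension correction to .html, query strings stripped, POST refused everywhere except form handlers), modeled as an added example that is not part of the original post or the poster's own configuration. The names `FORM_HANDLERS`, `STATIC_EXTS`, `canonical_path` and `decide` are hypothetical, as are the static-asset exemption and the choice to refuse rather than redirect a POST sent to a non-canonical URL.

```python
import posixpath

# Assumption: the only URLs that actually process a form (constructed sample).
FORM_HANDLERS = {"/contact.html"}
# Assumption: static assets keep their extension; the post does not say.
STATIC_EXTS = {".css", ".js", ".png", ".jpg", ".ico"}


def canonical_path(raw_path):
    """Collapse dot-segments and force every page URL to end in .html."""
    raw_path = raw_path or "/"
    is_dir = raw_path.endswith("/")
    # normpath resolves "." and ".." so traversal cannot escape the root.
    path = "/" + posixpath.normpath(raw_path).lstrip("/")
    if is_dir:
        return path if path.endswith("/") else path + "/"
    stem, ext = posixpath.splitext(path)
    if ext.lower() in STATIC_EXTS:
        return path
    # Extensionless, .htm, .php, anything else: all end up at .html.
    return stem + ".html"


def decide(method, target):
    """Return (status, path): 200 serve as static file, 301 redirect, 403 refuse."""
    raw_path, _, query = target.partition("?")
    path = canonical_path(raw_path)
    if method == "POST":
        # POST is accepted only on the exact, query-free form-handler URL.
        # A redirect would drop the body, so anything else is refused outright.
        if path in FORM_HANDLERS and raw_path == path and not query:
            return (200, path)
        return (403, None)
    # Every other method is treated as a read in this sketch.
    if raw_path != path or query:
        # Corrected extension and/or stripped query string.
        return (301, path)
    return (200, path)


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    for m, t in [("GET", "/page.php?id=1"), ("GET", "/about"),
                 ("POST", "/page.html"), ("POST", "/contact.html")]:
        print(m, t, "->", decide(m, t))
```

Because every page URL is redirected to a single .html form with no query string, the only request that can carry attacker-chosen parameters into server-side code is a POST to an allowlisted handler, which is where the input scrubbing then applies.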