The first thing is to make sure your host (or your own server) is keeping up with the latest patch (OS, Server software, Scripting software, etc).

Next if you use any kind of server side scripting, make sure all your scripts/applications are well built security wise (especially if you allow any kind of file uploading on your server), validate data from forms server side (javascript only validation isn't reliable).

Obviously, those are just starters, there's lots of little things that can be done (Server config, PHP config and such).

But all in all, it's impossible to get a 100% secure system, the trick is to cover the most common security holes and focus on the things you absolutely can't let hackers in.

hope that helps

mavherick

and in addition to what mavherick said, make sure you have a reliable backup strategy in place so if something does happen you can recover quickly.

If they can hack the Pentagon, they can hack you.

Just a wonderful side benefit of the information age.

You'd be surprised at how easy some webmasters make it for hackers to get in to their site. In fact, I wouldn't even really call it hacking, just loggin in and uploading a new index page. Every few weeks or so, my hosting company gets a complaint that a customer's site was "hacked". 95% of the cases, it's been that the owner of the site made the username and password either the same, very easy to guess, or had disclosed it to someone else for whatever reason. We even had one guy how got "hacked" and we found out his password was 'password'. lol

Your first line of defense is to have a password that's not easy to crack. Use something like y5Hn5gaz, in other words, random letters and numbers. With a decent password like that, most "hackers" will not think it worth the bother. Unless you're a high-profile site, having a good password will make it safe enough.