If you are into reading and in a DIY state of mind I would start here:
Introduction - owasp-development-guide - OWASP Development Guide - Google Project Hosting
OWASP is a large community for web application security.
As you can see from the guide, there is a lot to consider.
As other people mentioned, it is not a bad practice to scan your web site (assuming you know how to fix the issues).
If your web site is commercial, you might want to consider products or services that can help you protect your site.
If you web site is non commercial like a blog or forum, there are a couple of free services that can help you secure your web site.
If you are seeking a product/service I can recommend some.