First, WELCOME to SitePoint!
Second, please look through the threads in this board as there is a wealth of information here.
- Use VERY strong passwords
- Keep your "canned" programs up to date
- Use defensive coding. This includes edgar's admonition to validate and remove dangerous characters (<, >, http://, href://, ', ", and many others). If you're expecting a name, would you allow =? 9? etc.
- Verify uploaded files, i.e., that they were uploaded (rather than the server's password file); then, if an image is expected, PROCESS that image before moving it to your webspace, i.e., create a new image file and rescale the image (to change it) before saving to your directory
- Ask your host to run a maldet CRON on your account nightly. It will report any files containing malware, at which time you MUST replace them with your originals, then look for the security hole you have
- Run your own nightly CRON scan to ensure that your files have not been changed, deleted or added to
While VERY strong passwords are exceptionally important, I believe that using good coding is the most important. Just ACT paranoid in your programming (test, test and test again) and you'll save yourself many hours/days of recovery effort.
FWIW, I've just relocated and configured the control panel to ignore/ban any illicit attempts to gain access. I've had several attacks each day with some coming so fast that the banning didn't have time to take effect! I'm not paranoid but there are those out there trying to get me (although I am sure that I'm anonymous to every one of them). Fortunately, the seemingly paranoid protections are doing their work!
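The nightly file-change scan suggested in the list above, as an added example that is not part of the original post: it records a SHA-256 baseline of the site directory, then reports files added, deleted or changed on later runs. The function names, the manifest file name and the sample files are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                manifest[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def compare(baseline, current):
    """Report paths added, deleted or changed since the baseline."""
    both = baseline.keys() & current.keys()
    return {"added": sorted(current.keys() - baseline.keys()),
            "deleted": sorted(baseline.keys() - current.keys()),
            "changed": sorted(p for p in both if baseline[p] != current[p])}

def scan(root, manifest_path):
    """First run records the baseline (returns None); later runs return the differences."""
    current = snapshot(root)  # manifest_path must live outside the web root
    if not os.path.exists(manifest_path):
        with open(manifest_path, "w") as fh:
            json.dump(current, fh, indent=1, sort_keys=True)
        return None
    with open(manifest_path) as fh:
        return compare(json.load(fh), current)

def demo():
    with tempfile.TemporaryDirectory() as work:
        site, manifest = os.path.join(work, "site"), os.path.join(work, "baseline.json")
        os.makedirs(site)
        def write(name, body):
            with open(os.path.join(site, name), "w") as fh:
                fh.write(body)
        write("index.php", "<?php echo 'hi';")    # constructed sample files
        write("about.html", "<p>About</p>")
        scan(site, manifest)                      # nightly run 1: baseline
        write("index.php", "<?php echo 'hi'; // altered")
        os.remove(os.path.join(site, "about.html"))
        write("new.php", "<?php // unexpected file")
        return scan(site, manifest)               # nightly run 2: report

if __name__ == "__main__":
    print(demo())
```

After a legitimate deployment, delete the manifest so the next run records a fresh baseline; any non-empty list on other nights is a reason to restore from originals and look for the hole.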