blair

Reputation Activity

  1. Confused
    blair got a reaction from Magictrick in Securing your community   
    If you have a dedicated server...
      • First and most important keep your server software updated and patched. Especially old PHP and kernels which can be insecure.
      • A couple links with lots of info: Website security precautions, and Secure settings for PHP on Apache.
      • Suhosin will further harden your PHP installation.
      • Close unneeded open ports.
      • Maintain access logs. Depending on the size of your site these can quickly grow in size, but they can be very useful in identifying any access points.
      • Disable direct root login, and change the default ssh port.
      • Secure passwords, limit access.
      • Disable allow_url_fopen in php (recommended in the securing PHP link above).
      • If an attack happens, preserve the time stamps of the files affected (i.e. using cp -p before deleting the files).
      • Disable world writable permissions (777) for directories. As a general rule, chmod 755 for directories, 644 for files.
      • mod_security
      • Firewall, brute force protection, email notification when someone logs in as root.
      • Backup, backup, backup, maintain off-site backups.
      • Cloudflare? Cloudflare blocks IP addresses, and many Asian countries share IPs (as do dial-up users). Many false positives if you have visitors from these areas, but worthy for high-risk sites.
      • A security diligent host or server admin can be amazing.
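
A read-only audit of three items from the checklist above (world-writable paths, allow_url_fopen, direct root login), added here as an example and not part of blair's post. The function names and the paths in the usage comment are assumptions; adjust them to your distribution.

```bash
#!/usr/bin/env bash
# Added example: read-only audit of three items from the checklist above.
# Function names are hypothetical; nothing is modified on disk.

# List files and directories under $1 that are world-writable (e.g. 777).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
}

# Print the last uncommented assignment of directive $2 in php.ini file $1.
php_ini_value() {
    sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"?([^\";[:space:]]*).*/\1/p" "$1" |
        tail -n 1
}

# Print the first uncommented value of keyword $2 in sshd_config file $1.
# sshd uses the first value it reads; Match blocks are not evaluated here.
sshd_value() {
    awk -v k="$2" -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# audit WEBROOT PHP_INI SSHD_CONFIG: report findings, return 1 if any.
audit() {
    local rc=0 ww
    ww=$(world_writable "$1")
    [ -z "$ww" ] || { printf 'world-writable:\n%s\n' "$ww"; rc=1; }
    # An unset directive counts as a finding: allow_url_fopen defaults to on.
    case "$(php_ini_value "$2" allow_url_fopen | tr 'A-Z' 'a-z')" in
        off|0|false|no) ;;
        *) echo "allow_url_fopen is not disabled in $2"; rc=1 ;;
    esac
    # Only an explicit "no" passes, matching "disable direct root login".
    case "$(sshd_value "$3" PermitRootLogin | tr 'A-Z' 'a-z')" in
        no) ;;
        *) echo "direct root login is not disabled in $3"; rc=1 ;;
    esac
    return "$rc"
}

# Example (paths are assumptions):
#   ./audit.sh /var/www/html /etc/php.ini /etc/ssh/sshd_config
if [ "$#" -eq 3 ]; then audit "$@"; fi
```

The script only reports; fixing a finding (for example `chmod 755` on a flagged directory) is left as a deliberate manual step.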