1. Check the file permissions for files on your server

If you have files that allow anybody to modify them such as groups and users then you already have a major problem. You need to only allow users to view your content not write to it.

2. Check the privileges of user names accessing the database you are using.

Sometimes granting all privlieges for a username of a database can be dangerous. When designing your website that stores all of your information in a database it is best to split the privlieges between multiple usernames. This could cause the hacker some pain and time when trying to retrieve information from your database.

3. Make sure passwords are above 6 characaters with CAPS and Numbers and double hash them.

When passwords are short lengths and contain no caps and no numbers it makes it easier to do brute force attacks on the websites. So always make sure it is over 6 characters and add caps and numbers to your password. On the backend make sure you double hash passwords. When you double hash them use two different types of hashes. This is will throw hackers off some.

4. Always validate the visitors input.

When you have visitors enter in information that will be sent to the database make sure you protect against query attacks. There are certain combinations that visitors could use to reset passwords or drop your database. So every time they enter in values make sure you have a function to remove bad characters to protect your database.

5. Use computer generated pictures when allowing users to login or signup.

When hackers hack login information, they use a program and to loop through all the possible combinations for a password. If you use computer generated pictures for validation it will cause them even more discomfort for a hackers because they will need a program to read computer generated pictures which is close to none!

6. Use SSL.

SSL is a cryptographic system that uses two keys to encrypt data. SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely. To get a better understanding look below at the block quote from php.net.

SSL/SSH protects data travelling from the client to the server, SSL/SSH does not protect the persistent data stored in a database. SSL is an on-the-wire protocol.

Once an attacker gains access to your database directly (bypassing the webserver), the stored sensitive data may be exposed or misused, unless the information is protected by the database itself. Encrypting the data is a good way to mitigate this threat, but very few databases offer this type of data encryption.

You can buy SSL certificates from your web hosting company or from independent websites.

7. Keep your system up-to-date.

If you are using php 3 and php 5 is out then you need to UPGRADE!!! Usually when you update your system they include patches to solve security problems that the previous release did not have.

8. Customize your security and create no documentation for IT!!!

Most of the time on the internet everybody is using the code because they downloaded it from somewhere in which over a thousand users downloaded the same thing. Hackers will download it to so they can know how to hack it to. If you are real serious about security I suggest you create your own technique after researching other methods out there and create NO documentation for it. I agreed with open source but not when it comes to SECURITY! This will make it hard for hackers and they will move on to an easier website to wreck havoc.