1. Back up your website on the server.
If you have more than one important website, put them on different web hosts. Don’t rely on your web host for backups.
Find two different hosts that allow SSH access and get an account with each. FTP the backup of one site directly to the other server, and vice versa. Download copies to your home computer as well.
2. Put a file called ‘index.html’ in every major or important directory in your website, if it doesn’t already have one.
This stops people from browsing a listing of the other files in that directory.
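As an added example (not part of the original post), this POSIX shell script audits a web root for directories with no index file and drops a blank placeholder index.html into each one; the web root path and directory names used in it are assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a POSIX sh with
# find(1); the web-root path passed in is whatever the caller supplies.

# Print every directory under $1 that has neither index.html nor index.htm.
list_unindexed_dirs() {
    root="$1"
    find "$root" -type d | while IFS= read -r d; do
        if [ ! -e "$d/index.html" ] && [ ! -e "$d/index.htm" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# Print how many directories under $1 still lack an index file.
count_unindexed_dirs() {
    n=$(list_unindexed_dirs "$1" | wc -l)
    echo $((n))
}

# Write a minimal placeholder index.html into every unindexed directory
# under $1. Existing index files are never touched, so a real home page
# or section page keeps its content.
add_placeholder_indexes() {
    list_unindexed_dirs "$1" | while IFS= read -r d; do
        printf '<!DOCTYPE html>\n<html><head><title></title></head><body></body></html>\n' \
            > "$d/index.html"
    done
}

# Example run on a constructed web root (hypothetical path):
#   count_unindexed_dirs /var/www/example   # report
#   add_placeholder_indexes /var/www/example
```

On Apache the same effect can be had for the whole site with `Options -Indexes` in an .htaccess file; the placeholder files work on any web server and also cover directories created later by uploads.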
3. Do not use old versions of FormMail. Do not use newly released scripts unless you know how to check them for security holes.
A script should filter out input characters like # or >. Before installing one, search on the terms ‘Script Name bug’ or ‘Script Name security’ (using the script’s actual name).
4. Rename any email scripts you download before installing them.
Why give a spammer a clue as to what your script is, and what it can do?
5. Do not give files or directories obvious names, like ‘pass’, ‘emails’, ‘orders’ and the like.
Again, why make it...