The following are perhaps the top three threats to the security of your website and/or personal data along with a suggested recommendation of how to prevent them. This is not an exhaustive list but possibly the ones that should be at the top of your "to do" list.
Using old versions of software or scripts.
The majority of exploits occur due to the use of out of date software or scripts installed on users accounts. Hackers typically gain access to, or compromise, an account by using well know security holes or weaknesses in old versions of software.
In fact there are many sites that provide free code or scripts that can be used to attack and exploit out of date versions of software with very little, or even no, technical knowledge - it is that easy!
One of the key reasons that software versions are updated frequently is because such exploits have been identified and then appropriate measures taken by the developers in the new code to negate these threats.
Keep all of your software or scripts updated to the latest versions.
Check for available updates regularly and update as soon as possible.
Compromise of user credentials.
There are an increasing number of attacks being launched against personal computers and devices using “malware” to steal usernames and passwords. Typically this “malware” is installed on your local machine when you open an infected file, often contained in a spam email.
This is particularly concerning for any banking or financial applications that you use but increasingly your user credentials for social media sites or other applications are being targeted as they may “open the door” for further exploits.
Being able to install and spread this “malware” via your website or use your email account to send such spam is very attractive to this community of hackers. Therefore these user credentials are of particular interest.
Use anti-virus protection on your computer.
The installation and use of an anti-virus protection or similar software is essential to keep your username and passwords safe and secure. Scan for exploits regularly and keep the software updated to enable it to protect you from the latest threats.
Brute force attacks on your account.
Brute force attacks are where an attacker continuously tries to “guess” your password and/or username. Yet again, freely available code or scripts can be downloaded and used to cycle through thousands of password combinations in a very short space of time.
Use strong username and password combinations.
On any installed software or script try to change the default “admin” password to something that is unique and hard to “guess”. Always ensure that you use very strong passwords! Try to use both upper and lower case, numbers and special characters in a reasonably long sequence. Proprietary password manager software sometimes makes this a little easier to manage and provides suggestions for strong passwords.