1. Backup your website on the server.

If you have more than a website important, put them on different Web servers. Do not trust your web server for backups.

Find two different machines that allow SSH access. Get an account for each. FTP backup of a site on the server directly, and vice versa. Download copies of your home computer too.

2. Put a file called 'index.html' in all major directories or on your website, if not already have one.

This prevents people trying to take a look at other files in the same directory.

3. Do not use older versions of FormMail. Do not use scripts that have been recently released, unless you know how to find security holes.

Filter should be input as \ # or>. Search the bug script name "security terms or script name.

4. Renaming scripts email download before installing.

Why give a spammer a sense of what writing is, and what you can do?

5. Do not give the files or directories of the obvious names such as 'pass', 'email', 'order' and the like.

Once again, why make it easier for snoopers?

6. Do not leave encrypted, confidential information on the server.

It's just a computer in a room of God knows where, with God knows who has access to it.

7. Use a popular web host.

That one could be a cheapo reseller not committed. Your Google PageRank gives an idea of ??how popular they are. Send an email to one or two. See how long it takes to get a response. Check out their forums, how busy they are? They have a forum? Next!

8. If you are configuring. Htaccess or any other type of password protection, use long passwords and varied.

"Ch33s3And0n10n" is much safer than the "cheeseandonion" and simply memorable. Make your password at least 8 characters long, containing letters and numbers, and upper and two lower case letters. Common words can be guessed by cracking programs brute force.

9. Scripts strip down to essentials. Update regularly.

Any function / module that does not really need, turn it off.

10. Be careful what you say about other people or products on your site.

In fact, not security, but ... people are very sensitive to criticism. "Flame wars" are a waste of time and energy, so avoid them.