Always keep your CMS (e.g. WordPress or Joomla) and the plugins up to date.
Don't just install every plugin/theme, but also inform yourself about it.
Install known security plugins
Subscribe to CMS newsletter or Shoph manufacturer's newsletter (to receive information about Updates/Security Vulnerabilities)
Use secure passwords. If a password is given to a web designer etc., change it again. If a password is issued to a web designer, etc., change it again when the collaboration is complete.
Use encrypted FTP "ftpes" (explicit encryption). How to set up a ftpes connection in different FTP programs is explained in our Instructions for setting up FTP programs explained.
Using the latest antivirus software on your local PC
Keep your local PC up to date (Windows Update, Adobe Products, Java etc)
Make regular (local) backups of your website data
Create the e-mail addresses webmaster@[DOMAIN] or info@[DOMAIN]. Google, for example, writes to these addresses to inform you of a block.
These measures can minimize the risk, but there is no total protection.
