[malektaus]

This is not fool proof by any means but it can help you alot.

1. Think like a hacker, well most of you can't do that. So here is what they look for. Normal passwords to areas of your site that are common words. Avoid words like admin, bible, 12345, or other words and common items in the english language. It's best to use either a foreign language for a PW or use a variable of numbers and symbols together.

2. Change your PWs on the ACP and FTP at least 4 times a year or more. This helps prevent PW generators which take a long time from finding out your PW. Yes I said PW generators, they do exist and they are rather affective.

3. Make sure your FTP isn't accessible via the net in general as hackers can gain access to certain files that can give them your PWs for all areas. You can change this in your CP.

4. Just as a backup make sure to DL your DB about 4 times a year so you can easily rebuild your site if it does get hacked. You may have lost some content but your still online.

5. Make sure you choose a host client that can give you all the support you need if you can no longer get into your account. If you are already with a host that can't do this then you need to look elsewhere for hosting. Sometimes when your hacked it takes more than you to regain comtrol of your site and there's only 1 other person that can do that, your host.

Being hacked is not fun and sometimes it comes from the inside as I have seen. Be certain that the people you give access to your site are fully trusted by you and even at that when they don't need access still change your PWs and only give them to them when they are needed.

[Foxx]

Getting hacked is definitely not fun.

[bmelton]

If you're on a dedicated host, make sure your OS is patched.

I run all my sites on Debian Stable servers, which has a solid reputation for being stable and secure. With apt-get, I can cron hourly security updates to occur, so that I'm as patched as I can reasonably be.

Another common thing to avoid is FTP. If you have SSH access to your box, then you should switch to using SCP (WinSCP for Windows). It's basically the same as FTP, so there's very little learning curve, only uses encryption for your passwords, whereas FTP (and telnet for that matter) send passwords in plaintext. If you're being targetted by a hacker, Telnet and FTP are easy ways for them to get in.

[Jolteon]

Also, consider changing your Admin Control Panel & Mod control panel (if applicabe to your software) On vBulletin and MyBB this is relatively simple, just rename the directory (ANY valid foldername is OK!) then go to your config file (the file you configured during installation, it is usually inside the folder /inc or /includes) and change the option to the new directory. This auto changes all links inside the forum too. However for increased security, you may wish to edit templates to rermove this link, so you NEED to know the directory your control panels reside in, or you ain't going no where through the CPs.
Important: I have only done this on vBulletin and MyBB, I cannot gurantee this method (specifically configuring the config file) works on other software!