I believe in a lean approach to website security by minimising the amount of third-party code you rely on. This and regular maintenance is what helps keep your site secure. The most common security breaches are due to script bots that target common vulnerabilities in publicly available code.
Here are some of the security techniques I have in place:
- Fully protected passwords and hosting details
- SSH keys in use
- Server access via a white-listed VPN IP
- Use of reputable hosting companies with regular maintenance and updates
- Use of secure content management systems (CMSs) and frameworks such as Drupal and Symonfy
- Monitoring of sites and regular updates
Also, all my code is written with security in mind. From preventing cross site scripting by filtering user generated content to parsing GET/POST requests. Security is an integral part of the app and site architecture.