1. Secure Passwords

A secure password goes a long way toward slowing down a potential infiltrator. Hackers are experts at programming computers to plough through huge amounts of data very quickly. Passwords should always be a combination of letters (uppercase and lowercase), numbers and special characters. The longer the password, the better.

2. Don’t Use Generic Usernames

Using common words for usernames such as “admin”, “administrator” or “Site Owner” can cause problems, because you are simply making the hacker’s job a lot easier. By using such common words for your username, you increase the hacker’s success rate by at least a few percentage points, which is considered a lot where only one answer can be right from an unlimited range of combinations.

3. Keep Software Up to Date

It may seem obvious, but keeping all software up to date is vital to keeping your site secure. This applies to both the server operating system and any software you may be running on your website, such as a CMS or forum. If you are running old versions of software, chances are they are insecure, so make sure you upgrade to the latest release. When website security holes are found in software, hackers are quick to attempt to abuse them. If you are using third-party software on your website such as a CMS or forum, you should ensure you are quick to apply any security patches.

4. XSS

Cross-site scripting is when an attacker tries to pass JavaScript or other scripting code into a web form in an attempt to run malicious code for viewers of your site. When creating a form, always ensure you check the data being submitted and encode or strip out any HTML.

5. Server-Side Validation/Form Validation

Validation should always be done on both the browser and the server side. The browser can catch simple failures, such as mandatory fields that are empty or text entered into a numbers-only field. These checks can, however, be bypassed, so make sure you repeat this validation, along with deeper validation, on the server side. Failing to do so could lead to malicious code or scripting code being inserted into the database, or could cause a huge loss or undesirable results on your website.
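
The checks described in items 4 and 5, as an added example in Python (not code from the original article): the server repeats the mandatory-field and numbers-only checks the browser was supposed to make, rejects fields it did not ask for, and HTML-encodes submitted text when it is displayed. The form fields, the `SCHEMA` rules, the sample request and the function names are assumptions made for illustration.

```python
import html
import re

# Hypothetical schema for an illustrative comment form: field -> rules.
SCHEMA = {
    "name": {"required": True, "max_len": 50},
    "age": {"required": True, "pattern": re.compile(r"[0-9]{1,3}")},
    "comment": {"required": False, "max_len": 500},
}

# Constructed request body, as if sent with the browser checks bypassed.
BYPASSED = {"name": "", "age": "twenty", "is_admin": "1"}


def validate_form(form):
    """Repeat on the server what the browser should have checked.

    Returns (cleaned, errors); the caller stores data only if errors is empty.
    """
    cleaned, errors = {}, {}
    for extra in sorted(set(form) - set(SCHEMA)):
        errors[extra] = "unexpected field"
    for field, rules in SCHEMA.items():
        raw = form.get(field, "")
        if not isinstance(raw, str):
            errors[field] = "must be text"
            continue
        value = raw.strip()
        if not value:
            # Mandatory-field check, the first thing a client can skip.
            if rules["required"]:
                errors[field] = "required"
            else:
                cleaned[field] = ""
        elif len(value) > rules.get("max_len", 64):
            errors[field] = "too long"
        elif "pattern" in rules and not rules["pattern"].fullmatch(value):
            # Numbers-only check: ASCII digits only, so "twenty" fails.
            errors[field] = "invalid format"
        else:
            cleaned[field] = value
    return cleaned, errors


def render_comment(cleaned):
    """Encode at output so submitted markup is shown as text, not executed."""
    name = html.escape(cleaned["name"], quote=True)
    comment = html.escape(cleaned.get("comment", ""), quote=True)
    return f"<p><b>{name}</b> ({int(cleaned['age'])}): {comment}</p>"
```

Validation decides whether the submission is accepted at all; encoding in `render_comment` still runs on accepted data, because a comment can be valid input and contain markup.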