No decision is going to be more critical than hosting and servers. Many a server errors can be attributed to unpatched servers, open ports or weak shared hosting. On shared hosting your site could be set up properly and still be hacked through another site on the shared server. If your current host has problems with basic server configurations than you should most likely look for a new host. So step 1 make sure you are using a well-known secure host and that you stay current with your server patches.

Host your site on a server that runs PHP 5.2 or better in CGI mode with Su_PHP. Su_PHP is to PHP scripts what Su_Exec is to Perl files; basically it allows the execution of scripts under your specific user account as opposed to default Apache account. This allows you to more easily identify and track security breaches.

Ensure that you are using the latest Apache version and that your Apache configuration doesn't allow browsing/indexing. IT managers also need to ensure that the proper settings are in place for the .htaccess, serverconfig and php.ini files.

By default the htaccess file is not in use. Make sure you rename it from .htaccess.txt to .htaccess. Then it needs to be placed in your root folder. You can also add some rewrite rules to it to prevent common exploits. You can find directions on how to edit the . This will add an additional layer of protection to your system.