Here is a good post I found while researching this topic by Rosalind Gardner. She is a Super Affiliate blogger, author, speaker, and Internet marketing consultant.
-------------
At the very least, you should protect your computers and data with routers, firewalls, anti-virus software and external hard-drives.
Remember, it is not enough to install these programs and hardware, you actually have to use them. For example, set up your anti-virus
software to download updates automatically. Likewise, program your
external hard-drive to automatically back-up your data on a regular
basis.
If you are on a managed server, such as a BlueHost hosting account,
log in to your cPanel and Fantastico interfaces regularly and update
your installed programs as the upgrades become available.
If you want to install programs and plugins that don’t come with Fantastico, research them for known ‘security holes’.
Better yet, ask the technical people at your ISP if they have
information about the program. Because they are just as keen as you are
to stop hackers, in many cases, they will research the software for
you.
Too, don’t leave unused WordPress themes on your server, and un-install unused plugins.
Stay alert for unusual activity on your accounts. If you have
trouble logging into any of your accounts and you are sure the username and
password are correct – alert your ISP right away and send the account
name with logins.
If you are running a membership software such as Amember, you can prevent bruteforce attacks by setting an incorrect login attempts limit.
That allows a user to make a mistake in entering their username or
password only a set number of times, i.e. 3 or 4. If the user
exceeds these attempts the system will either lock them out of the
system or prevent any future attempted logins.
If you need a programmer to tweak a particular piece of software, go
first to the developer and find out whether they will either do the
work or if they know programmers who are experts with that software.
Otherwise, ask your friends if they can recommend a programmer whom
they trust.
When you hire a programmer for a small tweaking job, set them up
with their own password which you then cancel as soon as the work is
finished.
Do NOT use duplicate passwords, i.e. use different passwords for
your affiliate accounts and server access. For your best defense
against bruteforce password attacks, be sure your passwords are
comprised of numbers as well as uppercase and lowercase letters and
change your passwords regularly.
Last but not least, backup your sites’ data! Although they probably
do, it is not enough to count on your ISP to back up your site
regularly. You can generate your own full site backups manually from
cPanel.
An alternative that may be preferable, however, is to install software that does automated backups and has a quick and easy restore process such as Affiliate Backup. At the time of the hacker attack, I had Affiliate Backup set up on only one site — now it is set up to run on all of my sites.
And yes, I AM kicking myself for wasting a pile of cash on weeks' worth
of data entry, when I could have had another instance of the program
installed for $57. DUH!!!
Although there is no way to completely eliminate hacker attacks,
there is plenty you can do to prevent them from gaining access to your
site. DO make the time and effort to protect yourself, because doing so
after the fact takes 100 times more time and effort.
Source: http://www.netprofitstoday....
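
The login attempt limit described in the post, as an added example (not code from the post or from aMember): a small Python limiter that counts failed logins per username and client address and locks that pair once the limit is reached. The class name, the 15-minute counting window, the 30-minute lockout and the sample attempts are assumptions constructed for illustration.

```python
import time
from collections import defaultdict

class LoginLimiter:
    """Tracks failed logins per (username, client IP) and locks out at a limit."""

    def __init__(self, max_attempts=3, window=900, lockout=1800):
        self.max_attempts = max_attempts   # failures allowed inside the window
        self.window = window               # seconds over which failures count
        self.lockout = lockout             # seconds a locked key stays locked
        self.failures = defaultdict(list)  # key -> timestamps of recent failures
        self.locked_until = {}             # key -> time at which the lock expires

    def is_locked(self, user, ip, now=None):
        now = time.time() if now is None else now
        return self.locked_until.get((user.lower(), ip), 0) > now

    def record(self, user, ip, success, now=None):
        """Record one attempt and return 'ok', 'failed' or 'locked'."""
        now = time.time() if now is None else now
        key = (user.lower(), ip)
        if self.is_locked(user, ip, now):
            return "locked"                # refused even if the password is right
        if success:
            self.failures.pop(key, None)   # a good login clears the counter
            return "ok"
        recent = [t for t in self.failures[key] if now - t < self.window]
        recent.append(now)
        self.failures[key] = recent
        if len(recent) >= self.max_attempts:
            self.locked_until[key] = now + self.lockout
            self.failures.pop(key, None)
            return "locked"
        return "failed"

def replay(attempts, limiter):
    """Feed (time, user, ip, success) tuples through the limiter in order."""
    return [limiter.record(u, ip, ok, now=t) for t, u, ip, ok in attempts]

# Constructed sample attempts (documentation IP ranges, made-up account).
SAMPLE = [
    (0, "alice", "203.0.113.7", False),
    (5, "alice", "203.0.113.7", False),
    (9, "alice", "203.0.113.7", False),    # third failure triggers the lock
    (12, "alice", "203.0.113.7", True),    # correct password, still refused
    (12, "alice", "198.51.100.4", True),   # same account from another address
    (1900, "alice", "203.0.113.7", True),  # lock has expired
]

if __name__ == "__main__":
    print(replay(SAMPLE, LoginLimiter()))
```

Keying the counter on the username and address together means a guesser at one address cannot lock the real owner out from another; a separate per-account cap is a common companion control.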