There is some good information to be found at Stopbadware.org on securing a web site and ongoing efforts to eliminate the threat of malware being served up by compromised hosts and rogue web hosting companies.
Basic security tips and tricks
5 steps to make your site more secure:
- Use strong passwords.
- Use SSH and SFTP protocols, instead of telnet or FTP. Telnet and FTP are both considered insecure because of their use of plain text protocols. They transmit usernames and passwords in a way that anyone with access to the network can read. SSH and SFTP are based on an encrypted protocol which prevents eavesdropping.
- Scan your site for security vulnerabilities using a vulnerability auditing scanner (both free and commercial versions are available). Use security update management tools to detect missing patches and then apply those patches immediately.
- Keep up to date on news relating to any software you or your host use on your site, and make sure you are always running the most recent versions, including security patches. Subscribe to, and regularly read, any newsletters or alerts offered by your hosting provider and software providers.
- Make sure your hosting provider keeps all software updated, including security patches. If they do not, urge them to do so or switch to a hosting provider that you are confident does its best to keep its clients' websites secure.