Originally posted by TigerOC
4. Keep your software updated regularly.
Of all these recommendations, I think #4 needs to be #1.
More websites get comprimised due to vulnerabilities in web applications than via brute-forced passwords. Usually, a vulnerability in some secondary piece of software is then used to elevate priveleges for the intruder.