What do you do to protect your small business online so it doesn’t get hacked? I rewrite the core of WordPress, BuddyPress, plugins, themes,  and any other PHP code so it is more secure. I also am always updating the server and making sure it is secure. My company does security for other companies, so I do things that not everyone else does. What do you do to protect yourself? This could be a really interesting and informative thread.    

@rich-brooks Which security/firewall plugins do you use? What method of backing up do you use? I highly recommend FTP only and not backup plugins. If you use backup plugins, then if that server is hacked or the person designed it with malicious intent, then you just lost all the data you were trying to protect.

It is important to remember that the malware makers and hackers have realized how big WordPress is. There are illegal companies in the underground that chargeto find exploits in plugins. We examine the hacker underground to devise new security methods.  A book on all our findings would be quite interesting to security enthusiasts and quite unsettling to everyone else.