Elements for building secure site

     

If I was to build a "Hacker proof" site, what would be my weapons of choice? I guess WordPress is out of the question. ;)


I am fully aware that there is no such thing as hacker proof, but let's say I wanted to delay for as long as possible.


Maybe you can give me some pointers on how to proceed with that and some dos and don'ts.


Thank you.

  
answer1
  
  

The question is very broad but some essentials:


      
  • Prevent SQL injection by using prepared statements.
  • Validate input / output to prevent XSS
  • CSRF protection for form data
  • HTTPS for secure login pages
  • Secure permissions for web processes / folders on your server
  • Up-to-date software on server
  • Backups to remote server
  • Fail2Ban to prevent brute forcing
  • Monitor access / error logs from Apache/nginx
  • Monit for resource monitoring
  • Encrypt passwords using a secure hashing algorithm that can't be brute forced
  • Two-factor authentication

Those are the ones off the top of my head.