The first thing to do is make sure that you keep your software up to date and apply all security patches on a timely basis.

You don't say, but if your site is hosted by a third party you need to be sure that they keep their hosting environment up to date as well. Plenty of big names have been embarrassed because their service provider let them down.

As soon as a security patch is released it is safe to assume that there will be people out there writing exploits for the vulnerability (if they don't already exist) and looking for the low hanging fruit who were slow on the uptake.