• Know your logs
• Disable development/debugging options
• Handle user-uploaded images with care
• Disable the web interface
• Change your ssh port
• Set up a firewall
• Use an external webserver