Update your CMS (WordPress, Joomla, Drupal, etc.), themes and plugins on a regular basis. Outdated themes, plugins and CMS are one of the main reasons websites are hacked.
Clean your hosting account regularly to decrease the risk of vulnerabilities and exploits. You can clean your account by removing all old code, unused user and FTP accounts, and unused files and domains.
Never leave a backup of your website on the same server.
Frequently update your password to combine uppercase and lowercase letters, numbers and symbols.