Security

Some basic tips first....

• Use HTTPS when connecting to your site's Control Panel, this is what your hosting provider gives you, not a Drupal thing per se
• Use a secure form of FTP, for example "FTPS Explicit SSL", see FTP for details
• When logging into Drupal as an admin user make sure you use HTTPS
• All user logins should be via HTTPS
• All content upload or editing should also be via HTTPS

• A Security Checklist for Drupal 8 Sites with Private Data | Lullabot
• Keeping Drupal Secure | Capgemini