Some basic tips first....

  • Use HTTPS when connecting to your site's Control Panel, this is what your hosting provider gives you, not a Drupal thing per se
  • Use a secure form of FTP, for example "FTPS Explicit SSL", see FTP for details
  • When logging into Drupal as an admin user make sure you use HTTPS
  • All user logins should be via HTTPS
  • All content upload or editing should also be via HTTPS
There is plenty of useful information on Drupal and Security, so check out the following: