Run a Firewall
Make sure that your server has a firewall running all the time.
Protect traffic coming in AND going out (ingress and egress protection); it can stop both incoming and outgoing attacks even when you're not aware of it.
Keep track of what ports are open and why.
Know how to block and unblock an IP.
Run a Current OS & Kernel
Keep your version of the operating system up to date; you should be running the most recent stable version.
Install the all the latest security patches for your system and applications.
Control Access to Server
Remove, disable or change passwords to default accounts.
All passwords should be strong passwords; they should also be unique, and changed periodically.
Disable "guest" accounts/access.
For data center-hosted servers, all administrative accounts must be SUNet ID accounts.
Remove inactive user accounts regularly.
Keep a complete list of everyone who has access to the server, and make sure you know who has which read/write privileges.
No open file-sharing is allowed.
All remote access should be restricted to specific IP addresses, and encrypted from end to end (via VPN).
Review Processes and Remove Extra Software
Know everything that runs on your server, why, and which users have access.
Disable any and all unused services.
Install anti-virus software, and make sure it stays current, is running actively and is generating logs.
Lock /tmp, /var/tmp, and /dev/shm partitions (linux/Unix)
Since /tmp, /var/tmp and /dev/shm are world writable directories, if left unlocked anyone can read/write/excute anything from these directories and it becomes a major security concern.
With /etc/fstab you can limit what can be done in these partitions: if you see 'defaults' beside the /tmp line, remove it and replace it with 'noexec,nosuid'. This will stop any executables from being allowed to run.
Do the same for /dev/shm and make /var/tmp a shortcut (symbolic link) to /tmp.
Lock down Your Software: PHP, Apache, etc.
Lock down all your applications per the vendor's best practices.
Use change management and version control procedures for all your software; document all changes to applications and archive previous versions, just in case.