There are many ways to secure a website but my quick advise is to implement security at the early stages of your development. I've worked with a lot of developers and shown them how they can leverage tools like Snyk to review their code and provide fixes.
Most of the time security is done after the code is written and this causes delays. Some other times code reaches servers and then are scanned for vulnerabilities which is the same thing that hackers are doing to find exploits so I highly recommend DevSecOps as a start!
