There is a never-ending stream of news stories about security breaches and the reality is that if dedicated groups like Anonymous can hack (usually for good reason – personal opinion) major organisations and Governmental departments with a huge security budget, then the average SME’s website will be hackable by really dedicated hackers. However, the reality for most companies is that hackers targetting their sites are either some geek playing and not necessarily being deliberately malicious or are minor criminals.
And the two major routes to accessing your site are weak passwords and out of date software and plug-ins with security holes that have not been updated and patched.
For passwords one of the biggest issues for the average user is the need for a number of passwords for different applications and sites. You need to create complex passwords and be able to remember them (a not unusual method of access is to get the complex password from the post-it stuck on the screen!). There are a number of useful methods for creating complex yet memorable passwords and secure tools removing the need to remember them all.
Here is a link to an interesting article if you want to take a more detailed look, https://www.vpngeeks.com/how-to-secure-your-passwords.