TIP 1: Do not trust user input in any form! Validate EVERYTHING (on the server side, against an allowlist of what you actually expect) and sanitise EVERYTHING (encode it for the context it ends up in: HTML, SQL, shell)!
TIP 2: Do not run outdated software in production.
TIP 3: Do not run code in production that you do not understand (e.g. copy/paste from tutorials).
TIP 4: Follow the principle of least privilege in your application and on your production host.
TIP5: Learn to think like a hacker and learn the basics of hacking.
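As an added example for TIP 1 (this is not code from the original post), here is the difference between trusting input and validating it, shown with a constructed in-memory SQLite table. The table, the rows and the username rule (letters, digits, underscore, 3 to 32 characters) are assumptions made for the demonstration. `lookup_unsafe` pastes the input straight into SQL and leaks every row for a crafted value; `lookup_parameterized` keeps the same input as data, and `lookup_safe` additionally rejects anything outside the allowlist before it ever reaches the database. `render_greeting` shows the "sanitise" half: output encoding for the HTML context.

```python
import re
import sqlite3
from html import escape

# Assumed allowlist for usernames (constructed for this example).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def validate_username(value):
    """Allowlist validation: reject anything that is not the exact shape we expect."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value


def _setup_db():
    """Constructed sample data, not from a real system."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_unsafe(conn, name):
    # VULNERABLE: untrusted input concatenated into the query becomes SQL code.
    query = f"SELECT email FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query).fetchall()]


def lookup_parameterized(conn, name):
    # Parameterized query: the driver keeps `name` as data, never as SQL.
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()
    return [row[0] for row in rows]


def lookup_safe(conn, name):
    # Validate first (fail closed), then query with parameters.
    validate_username(name)
    return lookup_parameterized(conn, name)


def render_greeting(name):
    # Sanitise for the output context: HTML-encode before embedding in markup.
    return f"<p>Hello, {escape(name, quote=True)}</p>"


def demo():
    """Run all three lookups against a classic injection payload."""
    conn = _setup_db()
    malicious = "x' OR '1'='1"
    leaked = lookup_unsafe(conn, malicious)          # every email in the table
    nothing = lookup_parameterized(conn, malicious)  # no user is literally named that
    try:
        lookup_safe(conn, malicious)
        verdict = "accepted"
    except ValueError:
        verdict = "rejected"                         # allowlist stops it up front
    html = render_greeting("<script>alert(1)</script>")
    return leaked, nothing, verdict, html


if __name__ == "__main__":
    print(demo())
```

The two defences are layered on purpose: the parameterized query alone already prevents the injection, and the allowlist alone would reject this payload, but validation also stops oversized or malformed values from reaching any downstream code that might handle them less carefully.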
It is an infinite, ongoing process, and it requires paying attention every single day you write or run code.