No silver bullet can ensure that you are never compromised. You can never reduce the percentage of risk to zero but you can implement controls to minimise impact and to take proactive approach to threat preparedness.
Information security is the act of protecting information and information systems from unwanted or unauthorised use, access, modification and disruption. This uses principles of protecting confidentiality, integrity and availability of information.
There are 6 types of website threats;
1) defacements: to change the appearance of the website
2) seo spam: to ruin your rank for example the pharma hack injects code into your website to redirect your traffic to pharmaceutical companies and their products.
3) malicious redirects: to redirect your traffic elsewhere. This is often integrated with other attacks i.e. seo spam.
4) iframe injections: to embeds a hidden iframe in your website that loads another website onto your visitor’s browser like a pop-up ad.
5) phishing scams: attackers develop malicious files and code that look like plugins and themes and then exploit credentials on a server, or the attackers use a known vulnerability to infect the plugins and themes. Then they use the bait-and-hook approach through ads or emails to redirect traffic to these fake pages stored on legitimate website.
6) backdoor shells: the attackers upload a piece of PHP code to your website that allow them to take control of it, download your file and upload their own.
One way to protect your device from website threats is to apply updates. They usually include new features, improved stability and fixes to known vulnerabilities.