Initially, harden the server's security configuration. Update and lock down things that are public-facing on the server. Anything that is public facing that doesn't need to be public facing should be locked down to a VPN or a whitelist IP at the very least. Turn on logging and review the logs from time to time. Invest in DDOS protection - if you upset a hacker and they can't hack your server, they may DDOS out of spite.
The Following User Says Thank You to zomgmike For This Useful Post:
Look at sucuri they offer a good service that we resell to our customers.
I can definitely vouch for Sucuri...i rate them highly enough and if you are someone who cares about your site's security then i suggest you give Sucuri.net a try. There is a reason why major publications like TheNextWeb, CNN, PC World, TechCrunch, USAToday are recommending these guys.
Initial hardening, blocking unused ports, setting up VPNs, thorough monitoring, and frequent updates to all OS and software should be a good start. If in doubt consult with your hosting provider or a server security specialist.