You posted a great question. I wonder how many ask that before they build a CMS site?

I happen to agree with MrGamm. The term "open source" should be your first red flag.

I have a client that built his entire business around using Joomla. My server administrator
advised him about the security issues, but they were just words to my clients ambitions
of creating a site which collects data from users. Sure enough, his site was hacked and it
took him weeks to try to recover. It also was very expensive.

One of HIS issues, of course AFTER the fact, was that the server was not secure and that
it was not backed up. After many interesting words, the server was backed up and has been extremely
well protected, far more them most other servers.

What actually happened was that the client did not follow-up by having his mySQL database
set to backup his data. He knew nothing about it, nor did his web developer.. and of course,
he would not ask the expertise of my server administrator ( which I'd like to add is one of the
very best I have come across ) because he was warned about the issue, yet chose it anyway.

Some things I would consider if you wish to maintain a good site and most important a good business:

1) Do everything mentioned by MrGamm
2) When you build with "open source" know you are advertising to everyone that you are open for someone
to try to exploit your site and your information.
3) Repeat number 1
4) Almost anyone can provide hosting. See if you can find a provider that actively tries to support open source
security issues. ( my administrator would not be that guy.. it hates the CMS open source stuff )
5) Repeat number 1

If more were inquiring about it like yourself, it would become the first thing to ask about..

Hope your new site does well..

Mark Mazzarella - Developer - VRInstructor.com