I think this is a topic of great importance but mostly ignored by this forum, in comparison with a flood of purely technical, minuscule, very detailed, RW-centric issues.
When any new set of rules, like GDPR, comes to life, many (if not most) web developers get pissed, because they see them as a set of complications (if not blockades) on their path.
I say, security is not that complicated, if treated not as something to comply with, but rather as something to strive for. Make it an inseparable part of website development – at an early stage. Complicated is cleaning up the mess after a security breach which shouldn’t have happened in the first place. So, start with getting an SSL certificate for your website (free) from Let’s Encrypt (many hosting companies provide that as part of their service). I suppose this is obvious to all of us. What’s less obvious is the fact that getting an SSL certificate is just the first step towards making our sites safe and secure.
Luckily, every one of us can now have a guide to creating and maintaining safe and secure websites, for free – compliments of EDRi (European Digital Rights).
In addition to that, I’d suggest that everyone subscribe to security news feeds, like Naked Security and/or Krebs On Security. These are recommended not only for web developers but for every person who ever uses the Internet. Here are some links for RSS feeds:
And how do you take advantage of these security news feeds? If you are not using an RSS reader yet, I recommend downloading and installing one. My favorite is Net News Wire (requires macOS 10.14.4 or newer). Here’s a review of that reader on CSS-Tricks.