That's far too big a question for a little text box, it involves many factors rather thna just "do this and you'll be good".
Start by using HTTPS instead of HTTP - secure the communications:
The Complete Guide To Switching From HTTP To HTTPS — Smashing Magazine[
^]
Then ensure that none of your site is vulnerable to SQL Injection:
SQL injection - Wikipedia[
^]
Then Cross site scripting needs addressing:
What is cross-site scripting (XSS) and how to prevent it? | Web Security Academy[
^]
Then it's password security:
Password Storage: How to do it.[
^]
Then probably you want to look at bot prevention to reduce brute force attacks:
CAPTCHA - Wikipedia[
^]
And even two factor authorisation could get a look in:
Multi-factor authentication - Wikipedia[
^]
And all that is without any hardware / software security you may need depending on your application!
See what I mean? This isn't a simple subject, and there is no way you can do this properly without extensive research.