1. Don’t pass your domain account info to anybody. That means to avoid using php “Guru’s” from freelancing sites. Cheap does not mean good and secure.

2. Rename your /admin (Administration area) to whatever you like and password protect it. Oh, admin12345 is not a password.

3. Update your cart as soon a new stable release is available.

4. You don’t need 777 files …

5. Install an oscommerce security contribution like Osc_sec http://addons.oscommerce.com/info/7834