There is a huge amount to consider with securing a web site.
One good initiative is security.txt: Proposed standard for defining security policies which defines where security contact information is. This is good if there is a security incident and a researcher needs to contact you. Their site has a form that helps with generating a security.txt
file as well as information on how the proposed standard is progressing. In addition Scott Helme has written a number of posts on the subject, take a look at security.txt - Scott Helme to see them all.