There are many ways to secure a website but my quick advise is to implement security at the early stages of your development. I've worked with a lot of developers and shown them how they can leverage tools like Snyk to review their code and provide fixes.

Most of the time security is done after the code is written and this causes delays. Some other times code reaches servers and then are scanned for vulnerabilities which is the same thing that hackers are doing to find exploits so I highly recommend DevSecOps as a start!

The one thing I recommend clients in the Web3 space is to implement DevSecOps as part of their software development cycles. When you study breaches in this space they are often initiated by misconfigurations or bad practices so better to implement it right from the start so that you can be in business for the long run!

I agree on Google Analytics for simplicity but there are a lot of OSS tools you can also leverage if you want to keep your data private. Example: Elasticsearch has a lot of integrations to collect and graph website traffic.

I often get asked this question and have helped a lot of businesses move from hosting provides to cloud providers like Amazon AWS, Microsoft Azure, Google Cloud Platform or Heroku and others. One of the advantages is that you manage or have visibility on the underlying technology hosting your site. Depending on the site you have you will need a virtual machine (old school), containers in Kubernetes or the best case will be to go serverless in the form of a Web App, Function or Lambda.