Security Strategy A: Put someone on it full-time.
- Do patching immediately.
- Monitor constantly and alert frequently.
- Review existing apps for correct security.
- Run a tight firewall. Run an IDS.
- See https://www.veracode.com/blog/2015/10/3-easy-steps-making-perfect-security-possible.
- Audit, audit, audit.
Security Strategy B: Use a web scanning service or plugin.
- Does your hosting provider offer a website monitoring service? (For instance, GoDaddy does.)
- Does your platform offer free or paid monitoring plugins? (WordPress has dozens.)