Hi Martin,
I am afraid that depends on the programming language ( For PHP visit
https://www.php.net/, you'll find there a lot of useful information) used to write your code, but basically you have to follow the OOP (object orientated programming) guiding lines and use strong passwords.
If your website request users to create an account in order to access some sections/ features, make sure you implement a Captcha section, as account creating bots are very annoying.
Finally, DDOS attacks are very rare and need a lot of resources, so I don't think you should worry about this. The protection needed against this type of attacks is very expensive too.
Cheers!