Turn off the features of the Web server that you really don’t use.
The more features a server provides, the more trouble (security holes) it may introduce.
E.g., turn off using server-side includes. This feature opens security holes, most notably, the possibility of allowing an intruder to execute any command (embeded in an HTML document) on the server with the ‘exec’ include.