Advice on website encryption

Nich11

New Member
Thread author
Sep 19, 2016
2
There was a case of data theft in a nearby office. Someone hacked into their website to steal customer details. When the news came out, it affected their business. I operate a small business, and I don't want such issues to happen. I read an article about website encryption (http://nci.ca/benefits-website-encryption/). It looks like a convenient way to secure the website. Sometimes I take my work home. Some staff will also have to work from home. In that case, I want to encrypt my website. I would like to know how I can do that. Is there any extra maintenance required for hosting the encrypted site? I would appreciate some help on this.

Thanks.
 
Wave

I won't pretend that I know much about this topic because in reality I don't: my experience and knowledge on networking security is terrible. However, I will still try to provide some useful information...

Firstly, you can obfuscate any JavaScript code being used for your website and you can do this online using services such as https://javascriptobfuscator.com. This way, if an attacker can access the JS source files on your website to learn how something works, it will take them more time as they will have to work with deobfuscation, and if they are not experienced then they may not even know where to really start. Another technique alongside this is to place some random JavaScript code to fill gaps in between important pieces of code... This will trick an attacker as they will be trying to figure out what the dummy code was used for/the purpose of it, and will put them off guard and distract them.

Secondly, you can "minify" any CSS source files: https://cssminifier.com/ (this isn't directly related to "website hacking/security", but it is just a useful tip anyway and I believe it can help speed some things up but I am honestly not sure - if anyone could correct me so I learn a bit too that'd be great).

Thirdly, get some protection such as Firewall/Anti-DDoS. A common choice that people go for would be CloudFlare, and if you take this route then you won't need to do things like minify the CSS source files yourself, since CloudFlare has features built within it to automatically do this for you: https://www.cloudflare.com/

One good method you can use is to change the permissions on files/directories so people who are not authorised cannot access them, which will improve your website security a lot. Therefore, people cannot just add a "/" and then a directory name at the end of your website domain and then go snooping around, since you would've locked off unauthorised access.

If you notice that your site is coming under attack then I recommend you contact the provider you are using for the protection of your site (e.g. CloudFlare if you use them) and get a second opinion from them, but at the same time, you must try your best to stop the hackers beforehand by applying techniques such as IP filtering (bans). Usually there will be security levels on firewall services such as CF which can be modified depending on the situation (e.g. a higher level if your site is coming under attack). You can also report any confirmed DDoS attacks and the like (e.g. FTP attacks to deface your website) to the authorities and see if they can do anything about it - bear in mind that it will also depend on the laws of where the attacker is located, which is a huge downside and very annoying.

(Also, if you ever do come under attack, quickly change your FTP details just in case.)

If you're working with PHP, even though they cannot just access the PHP source code (since it's on the server-side of things), they can still attempt SQL injection techniques - I recommend researching about how SQL injection works and how you can do your best to prevent it, should you be working with PHP of course.

You can also make use of SSL certificates to ensure encrypted data is transferred between the local browser and the server side, good for payment related actions to ensure more safety for the end-user (so if someone was sniffing a network, the information transferred across would be encrypted, thus they'd be wasting their time trying to sniff out personal details on your network).

One of the last pieces of advice I can provide is to make sure you use complex, long, strong passwords... Utilise capital letters, numbers, special characters. Do you know how long it would take for someone to brute force a password with a length of 15 characters which utilises a strange combination of both numbers and special characters? Chances are, unless the rewards for them brute-forcing it were over-the-moon, they will give up and not bother because it would take them a lot of work and would be very time consuming. Strong passwords are essential and play a key role in staying safe online and preventing getting hacked, period.

Regarding the website encryption stuff you mentioned, I am not really sure about this... So hopefully someone else will (thread bump here).

Hope this helped, sorry I couldn't provide much useful information... But no one else replied yet so I thought I'd try my best to bump this thread to grab the attention of some others who are more experienced in networking security than me! :)

@LabZero @DardiM maybe can provide some insight?
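
Added example, not part of Wave's post: the SQL injection point above, shown as a PHP customer lookup built by string concatenation next to the same lookup using a PDO prepared statement. The `customers` table, the function names and the sample rows are constructed for illustration, and an in-memory SQLite database (requires the `pdo_sqlite` extension) stands in for the site's real database.

```php
<?php
declare(strict_types=1);
// Added example: constructed data, hypothetical table and function names.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, name TEXT)');
$pdo->exec("INSERT INTO customers (email, name) VALUES
    ('alice@example.com', 'Alice'), ('bob@example.com', 'Bob')");

// Vulnerable: user input is pasted into the SQL text, so the input
// can change the meaning of the query itself.
function findCustomerUnsafe(PDO $pdo, string $email): array
{
    $sql = "SELECT id, name FROM customers WHERE email = '$email'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed; the input travels separately as a
// bound value and is only ever compared against the email column.
function findCustomerSafe(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM customers WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// One ordinary input and one input containing quote characters.
$inputs = ['alice@example.com', "nobody' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "%-22s unsafe=%d rows, safe=%d rows\n",
        $input,
        count(findCustomerUnsafe($pdo, $input)),
        count(findCustomerSafe($pdo, $input))
    );
}
```

With the MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the binding is done by the database server rather than emulated in PHP.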
 