Since attacks only can install itself on a machine you're logged in to, only login to the webserver if absolutely necessary. Also be sure you have a strong password on the webserver, and that the provider protects the server well against attacks.