1. Never follow guidelines from the TYPO3 security cookbook
2. Do not hire TYPO3 professionals
3. Use some ancient TYPO3 version
Also never update extensions, especially if security vulnerabilities are fixed there.
4. Do not subscribe to TYPO3 security announcements
TYPO3 security announcements inform users when security issues are fixed. Ignore them. If you need an insecure web site, you do not need these announcements.
5. Do not protect directories
Make sure you have directory listing enabled. This will allow anyone to see what you keep in fileadmin/.
6. Do not use salted passwords
Salted passwords (through a TYPO3 system extension) make it much harder for hackers to discover your passwords. Do not use salted passwords!
7. Make a database dump and put it on your web server (in fileadmin/)
If you enable directory listing and put a dump of your database in fileadmin/, anybody will be able to find it and hack into your computer. If your site has user registration, hackers will be able to get the passwords and contact data of all your users. They will be able to use this data to log in to other services that your users use.
8. Use FTP to transfer data to your site
FTP is a very insecure protocol. It transmits passwords in clear text. Thus anybody on the network will be able to get your password and log in to the site. Make sure you use FTP from your laptop in hotels, cafes or airports.
9. Make sure files are writable by anyone
Adjust file permissions so that anybody can modify files. Before long you will find your files modified, spam links appearing on your web sites and PHP shells installed.
This post is a joke. Of course, I do not want anybody to make their web sites insecure. But the information presented here is very typical for sites that suffered a security breach. So see it as a security checklist. If you find anything from the list above on your web site, you are in danger. Go and fix it. If you do not know how, contact the TYPO3 security team.
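Two items on the checklist, 7 (database dumps in fileadmin/) and 9 (files writable by anyone), can be checked directly on the server's file system. The following Python audit is an added example, not part of the original post; the dump suffixes, the function names and the sample file names are assumptions made for the demonstration.

```python
import os
import stat
import tempfile

# Assumption (not from the post): suffixes that usually indicate a database dump.
DUMP_SUFFIXES = (".sql", ".sql.gz", ".sql.bz2", ".sql.zip", ".dump")

def audit_webroot(webroot):
    """Return sorted (finding, relative path) pairs for items 7 and 9 of the list."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, webroot)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # permission bits on a symlink itself carry no meaning
            if mode & stat.S_IWOTH:
                findings.append(("world-writable", rel))  # item 9
            in_fileadmin = rel.split(os.sep)[0] == "fileadmin"
            if stat.S_ISREG(mode) and in_fileadmin and name.lower().endswith(DUMP_SUFFIXES):
                findings.append(("database-dump", rel))  # item 7
    return sorted(findings)

def audit_constructed_sample():
    """Build a small constructed site tree in a temp dir and audit it."""
    sample = {  # relative path -> mode; all names are made up for the demo
        "index.php": 0o666,
        "fileadmin/logo.png": 0o644,
        "fileadmin/backup.sql.gz": 0o644,
    }
    with tempfile.TemporaryDirectory() as root:
        for sub, mode in (("fileadmin", 0o755), ("fileadmin/user_upload", 0o777)):
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            os.chmod(os.path.join(root, sub), mode)
        for rel, mode in sample.items():
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        return audit_webroot(root)

if __name__ == "__main__":
    for finding, rel in audit_constructed_sample():
        print(f"{finding:15} {rel}")
```

Point `audit_webroot()` at the site's document root to run the same checks on a real installation; an empty result means neither of the two conditions was found.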