Methods that'll help improve the security of your Magento 1.x store.
This is not a recommendation that merchants should continue to run Magento 1.x (following Adobe's EOL melodrama). It's an acknowledgement of methods merchants can adopt to improve the security of their stores if they are still running M1.
- Sign up for MageOne or adopt OpenMage. Get your security patches.
- Sign up for Sansec eComscan. It's legit.
- Run your site behind a WAF. e.g. Cloudflare, CloudFront.
- Require authorized IPs for admin and SSH.
- Streamline IP authorizations through VPN use.
Key to these measures is the security profile inherited with one's hosting partner. The good ones, frankly, will include (even mandate) the aforementioned measures with their service.