Security is an important factor in web development process. Ideally, security should be addressed at the beginning, before you even start planning and designing your projects. Reality though, is more complicated, and in many projects, security issues are considered after the development is done, right before deploying the website to a live environment.
This may be problematic, as dealing with security problems may become expensive in later stages of the process. The first thing you should do, is to determine how secure your website should be and which security protections you will have to implement.