From the way you describe your goal, you are building mostly one-off websites. For small companies and the like? You'll be best off just using popular open source products like Drupal, WordPress, or ModX and keeping up to date with security updates. Many of these will automatically notify you of security updates and you can apply them right away. Don't try to host the websites on your own server either. Get a hosting product from a company that will keep the underlying OS, Apache, and PHP up to date and secure. This will reduce your exposure quite a bit. You still need to make sure to choose good passwords. Nessus or OpenVAS are also an option.