What I have done so far:
1. added passwords in http://localhost/security/
2. installed XAMPP on Virtual PC
3. added port 80 forwarding on router to virtual PC's IP address, nothing else is forwarded
4. about to remove anything but my website from htdocs folder
Is that enough assuming there are no PHP code errors(I do check all user input and sprintf/mysql_real_escape_string() all SQL queries)?