1. Add HTTPS and an SSL Certificate
  2. Choose a Smart Password
  3. Use a Secure Web Host
  4. Does the web host offer a Secure File Transfer Protocol (SFTP)? SFTP.
  5. Is FTP Use by Unknown User disabled?
  6. Does it use a Rootkit Scanner?
  7. Does it offer file backup services?
  8. How well do they keep up to date on security upgrades?
  9. Record User Access and Administrative Privileges
  10. Change Your CMS Default Settings
  11. ‘Read ‘(4): View the file contents.
  12. ‘Write ‘(2): Change the file contents.
  13.  ‘Execute ‘(1): Run the program file or script.
  14. Owner – Often, the creator of the file, but ownership can be changed. Only one user can be the owner at a time.
  15.  Group – Each file is assigned to a group. Users who are part of that specific group will gain access to the permissions of the group.
  16.  Public – Everyone else.
  17. Backup Your Website
  18. Know Your Web Server Configuration Files
  19. Apache web servers use the .htaccess file
  20. Nginx servers use nginx.conf
  21. Microsoft IIS servers use web.config
  22. Apply for a Web Application Firewall
  23. Tighten Network Security
  24. Have computer logins expire after a short period of inactivity.
  25. Make sure your system notifies users every three months of password changes.
  26. Ensure all devices plugged into the network are scanned for malware each time they are attached.


As a business owner and webmaster, you cannot merely set up a website and forget it. Although website creation is easier than ever, it does not change the fact that security maintenance is necessary.

Always be proactive when it comes to protecting your company’s and customer’s data. Whether your site takes online payments or personal information, the data visitors enter into your site must land in the right hands.