Here is a checklist to harden your website and improve the resilience of your web server.
Sl. | Web Security Checklist |
---|---|
01. | Does your website have a site-wide SSL/TLS certificate whose signature uses SHA-256? SHA-256 is a hash used to sign the certificate, not an encryption algorithm; the encryption itself is decided by the cipher suites the server allows (item 24). |
02. | Have you installed an SSL/TLS certificate so that customer data is transmitted over an encrypted connection? |
03. | Have you tested your certificate (full chain served, expiry date, hostname match) to ensure that it is functioning correctly? |
04. | Have you moved the whole site to HTTPS, with HTTP requests redirected to HTTPS and HSTS enabled so browsers stop using HTTP? |
05. | Is the payment process secure? |
06. | Do you use a reputable payment gateway that is known for security? |
07. | Do you encrypt customer data during the payment process? |
08. | Do you use two-factor authentication to protect against fraudulent transactions? |
09. | Do you provide clear information about your refund and return policies? |
10. | Are your refund and return policies easy to find and understand? |
11. | Do you provide clear information about how customers can initiate a refund or return? |
12. | Do you have a clear timeline for processing refunds and returns? |
13. | Have you appointed a Data Protection Officer or a person responsible for GDPR compliance? |
14. | Have you conducted a Data Protection Impact Assessment to identify risks to customer data? |
15. | Have you implemented appropriate technical and organizational measures to protect customer data? |
16. | Have you obtained customer consent for collecting and processing their personal data? |
17. | Do you provide customers with clear and accessible information about how their data is being used? |
18. | Obscure or remove version information from response headers (Server, X-Powered-By) to keep your configuration private. |
19. | Set the HttpOnly flag on cookies to prevent scripts from reading cookie data. |
20. | Set the Secure flag on cookies to disallow their transmission over unencrypted HTTP, and set SameSite to limit cross-site requests that carry them. |
21. | Secure the web server processes: run them as an unprivileged user rather than root, with access only to the files they serve. |
22. | Ensure forms validate input on the server side to prevent form mishandling; client-side validation alone can be bypassed. |
23. | Protect against SQL injection (use parameterized queries, never string-built SQL) and against DDoS (rate limiting or an upstream mitigation service). |
24. | Disable insecure cipher suites; the default configuration of many web servers still allows SSL/TLS cipher suites that are considered insecure. |
25. | Implement a web application firewall (WAF) to help protect your web application from common web-based attacks. |
26. | Back up your website on a regular schedule, automate the backups, and test that a restore actually works. |
27. | Reduce cross-site scripting (XSS) weaknesses in your website's code by escaping output and by sanitizing any user-supplied HTML with a tool such as HTML Purifier. |
28. | Conduct regular tests of your website's configuration to maintain a secure environment and stay ahead of potential threats. |
29. | Don't abandon unwanted domain names: cybercriminals can re-register an abandoned domain and receive mail, password resets and other confidential information still sent to it. |
30. | Hide your configuration files: move config.php and other files containing passwords to a directory outside the 'public_html' folder so they cannot be fetched by web requests. |
31. | Delete any databases or applications from your account that are no longer in use. |
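Items 4, 18, 19 and 20 can be checked against a server's actual response. The following is an added example, not code from the original checklist: it parses a raw HTTP response (a constructed sample from a hypothetical misconfigured server, not a capture from any real host) and reports version-disclosing headers, cookies that lack the Secure, HttpOnly or SameSite attributes, and a missing HSTS header. The list of disclosing headers and the required cookie flags are this example's own assumptions.

```python
import re

# Constructed sample: a raw HTTP response from a hypothetical, misconfigured
# server. Nothing here was captured from a real host.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=3f2a9c; Path=/\r\n"
    "Set-Cookie: cart=42; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    "<html><body>store</body></html>"
)

# Headers that commonly leak software versions (checklist item 18); assumed list.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
# Attributes every cookie should carry (items 19 and 20); assumed list.
REQUIRED_COOKIE_FLAGS = ("secure", "httponly", "samesite")


def parse_headers(raw):
    """Return the response headers as a list of (lowercased name, value)."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def missing_cookie_flags(set_cookie):
    """Return (cookie name, required flags absent from one Set-Cookie value)."""
    name_value, *attrs = set_cookie.split(";")
    name = name_value.split("=", 1)[0].strip()
    present = {a.strip().split("=", 1)[0].lower() for a in attrs}
    return name, [f for f in REQUIRED_COOKIE_FLAGS if f not in present]


def audit_response(raw):
    """Return findings for the header and cookie items of the checklist."""
    findings = []
    seen = set()
    for name, value in parse_headers(raw):
        seen.add(name)
        # A version is disclosed when the header value contains a digit.
        if name in DISCLOSING_HEADERS and re.search(r"\d", value):
            findings.append(f"{name} discloses version: {value}")
        elif name == "set-cookie":
            cookie, missing = missing_cookie_flags(value)
            if missing:
                findings.append(f"cookie {cookie} missing " + ", ".join(missing))
    if "strict-transport-security" not in seen:
        findings.append("missing strict-transport-security (HSTS)")
    return findings


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print(finding)
```

Run it against the sample and it flags the Apache and PHP versions, the session cookie that carries none of the three attributes, and the absent HSTS header; the cart cookie, which has all three, produces no finding. To use it on a live site, feed it the raw response text from a fetch of the login or checkout page, since those are the responses that set session cookies.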
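For item 24 (disabling insecure cipher suites), the following added example, which is not part of the original checklist, builds a hardened TLS server context with Python's standard ssl module and then audits any ssl.SSLContext for RC4, DES, MD5, NULL and export-grade suites, for suites without forward secrecy, and for a minimum protocol version below TLS 1.2. The OpenSSL cipher string and the list of weak markers are this example's assumptions, not settings taken from the page.

```python
import ssl

# Substrings that mark a cipher suite as insecure (item 24): RC4, (3)DES,
# MD5-based MACs, NULL ciphers and export-grade suites. Assumed list.
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXP-")
# OpenSSL cipher string assumed by this example: forward-secret ECDHE key
# exchange with AEAD ciphers only, and the weak families explicitly excluded.
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES"


def is_weak_cipher_name(name):
    """True if an OpenSSL cipher name contains any weak marker."""
    return any(marker in name.upper() for marker in WEAK_MARKERS)


def check_tls_context(ctx):
    """Return findings for a configured ssl.SSLContext; an empty list passes."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol version below TLS 1.2")
    for cipher in ctx.get_ciphers():
        name = cipher["name"]
        if is_weak_cipher_name(name):
            findings.append(f"weak cipher enabled: {name}")
        # TLS 1.3 suites always use ephemeral key exchange; for older
        # protocols require a (EC)DHE suite so sessions have forward secrecy.
        elif cipher["protocol"] != "TLSv1.3" and "DHE" not in name:
            findings.append(f"no forward secrecy: {name}")
    return findings


def hardened_server_context(certfile=None, keyfile=None):
    """Server context restricted to TLS 1.2+ and the hardened cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(HARDENED_CIPHERS)
    if certfile:  # hypothetical paths supplied by the caller
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


if __name__ == "__main__":
    ctx = hardened_server_context()
    print("enabled suites:", [c["name"] for c in ctx.get_ciphers()])
    print("findings:", check_tls_context(ctx))
```

The same audit can be pointed at the context a Python application actually serves with, which is where a stale default tends to hide. For a web server in front of the application the equivalent restriction is its protocol and cipher directives (for example nginx's ssl_protocols and ssl_ciphers), and the list this script prints is a reasonable starting value for them.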
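Items 22 and 23 come down to one habit: validate input against an allowlist and never build SQL from strings. The following added example, not code from the original page, shows a login query written both ways against a constructed in-memory SQLite table, so the injected username `alice' --` can be seen logging in through the string-built query and failing against the parameterized one. The table, the account and the username pattern are sample data assumed for the example.

```python
import re
import sqlite3

# Allowlist for the username field (item 22): letters, digits, underscore,
# 3 to 32 characters. An assumed pattern for this example.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def valid_username(username):
    """Server-side allowlist check; anything outside the pattern is rejected."""
    return bool(USERNAME_RE.match(username))


def make_db():
    """Constructed in-memory table with one sample account.

    Passwords are stored in clear only to keep the SQL point isolated;
    real code stores a salted password hash and compares against that.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query from strings, so user input becomes SQL grammar."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Same query with bound parameters: the input is data, never SQL."""
    if not valid_username(username):
        return False
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    attack = "alice' --"  # closes the quote and comments out the password check
    print("vulnerable:", login_vulnerable(db, attack, "wrong"))
    print("safe:", login_safe(db, attack, "wrong"))
```

With the string-built query the injected username turns the SQL into `... WHERE username = 'alice' --' AND password = 'wrong'`, the password clause is commented away and the login succeeds. With bound parameters the driver hands `alice' --` to the database as a value, so it simply matches no row; the allowlist check rejects it before the query is even issued.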