I am going to keep adding to this list, and I will write a blog post about each item to explain it in more detail. If you feel I missed something, please comment and I will add it to the list.

  1. Use strong passwords and never repeat your password on another account.
  2. Don’t share your usernames and passwords with anyone.
  3. Set up accounts with the least privileges needed for that account to do what it is intended to do.
  4. Install security patches and updates. Know what is installed on your website and where to find updates for it.
  5. Use SSL and other encryption.
  6. Hash all passwords that your website stores and never store passwords in plain text.
  7. Connect only from a secure computer and network.
  8. Set up logging.
  9. Back up your website on a schedule. Automate it; you won’t remember to do it.
  10. Set up file permissions (folders 755, files 644).
  11. Stay up to date with email alerts for your chosen CMS and other important software.
  12. Use SFTP or FTPS, not FTP.
  13. Log errors; don’t display them.
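
The 755/644 baseline from item 10 can be checked mechanically across a whole web root. The script below is an added example, not code from the original post; the function names `audit_perms` and `tighten_perms` and the way the script is invoked are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a web root against the
# "folders 755, files 644" rule. Function names are assumptions.

# List entries whose mode differs from the baseline.
# Output: one line per finding, "<TAG> <path>".
audit_perms() {
    root=$1
    # Directories that are not exactly 755.
    find "$root" -type d ! -perm 755 -print | sed 's/^/DIR-NOT-755 /'
    # Regular files that are not exactly 644.
    find "$root" -type f ! -perm 644 -print | sed 's/^/FILE-NOT-644 /'
    # Highest-risk subset: anything writable by group or others.
    find "$root" \( -type d -o -type f \) \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/WRITABLE-BY-OTHERS /'
}

# Remove group/other write bits only. Modes tighter than the baseline
# (for example a 600 config file) are left alone, not loosened to 644.
tighten_perms() {
    find "$1" \( -type d -o -type f \) \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# Run the audit when a path is given: sh audit.sh /path/to/webroot
if [ -n "${1:-}" ]; then
    audit_perms "$1"
fi
```

Files reported as `FILE-NOT-644` but not `WRITABLE-BY-OTHERS` may be deliberately stricter than the baseline, so review them before changing anything.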