I am going to keep adding to this list and I will be write a blog post about each item to explain it more. If you feel like I missed something please comment and I will add it to the list.
- Use strong passwords and never repeat your password on another account.
- Don’t share your usernames and passwords with anyone.
- Set up accounts with the least privileges needed for that account to do what it is intended to do.
- Install security patches and updates. Know what is installed on your website and where to find updates for it.
- Use SSL and other encryption.
- Hash all passwords that your website stores and never store passwords in plain text.
- Connect only from a secure computer and network.
- Set Up logging.
- Back up your website on a schedule. Automate it you wont remember it.
- Set up file permissions (Folders 755 Files 644)
- Stay up emails alerts on you chosen CMS and other important software.
- Use sftp or ftps not ftp.
- Log errors don’t display them.