| Recommendation | Check |
| --- | --- |
| Use strong passwords and change them when compromise is suspected | Does the application enforce strong passwords and let users change them? |
| Use website backups | Is the application/web server backed up on a schedule, with copies stored off-host and restores tested? |
| Limit contributor permissions | Is each user granted only the rights needed for their tasks (least privilege)? |
| Secure online checkouts | Are you using AVS (address verification system) and collecting the CVV (card verification value) when accepting card payments, without storing the CVV after authorization? |
| Update all plugins | Are all plugins (and the platform they run on) up to date? |
| Use anti-malware solutions | Are you running anti-malware on the server? |
| Consider DDoS protection | Do you have Distributed Denial of Service (DDoS) protection? |
| Cross-site scripting (XSS) | Do you encode untrusted data for the output context it lands in (HTML body, attribute, JavaScript, URL)? Validating input fields helps, but it does not replace output encoding. |
| SQL injection | Do you use parameterized queries (prepared statements) instead of building SQL from user input? Filtering input forms alone is not sufficient. |
| Use security scanning tools | Do you use plugins and tools to scan for potential security risks? |
| Hide your web server software and version | Are you suppressing the server software name and version in response headers and error pages? This slows reconnaissance but is no substitute for patching. |
| Be careful with file uploads: restrict types | Are you restricting the file types that can be uploaded, using an allowlist of extensions and a check of the file content rather than the client-supplied MIME type? |
| Be careful with file uploads: permissions | Are uploaded files stored without execute permission, and is the upload directory configured so the web server will not execute scripts from it? |
| Be careful with file uploads: location | Are uploads stored outside the web root, under server-generated names that cannot be guessed, and served through an application handler? |
| Serve over HTTPS | Do you have a valid TLS (formerly SSL) certificate installed, and is all HTTP traffic redirected to HTTPS? |
| Prevent spam | Are you preventing spam content (for example with CAPTCHA or moderation on comments and forms)? |
| Follow ISO/IEC 27018 | Are you ISO/IEC 27018 compliant (protection of PII in public cloud services)? |
| Use HTTP/2 | Are you using HTTP/2? Browsers only negotiate it over TLS, so it also enforces HTTPS. |
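The SQL injection row says input filtering is not enough; the difference between concatenated and parameterized queries is easier to see in code. The following is an added example, not code from the original checklist, using Python's standard `sqlite3` module with a constructed in-memory table. The `users` table, the `login_*` function names and the hashes are assumptions for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "h1"), ("bob", "h2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password_hash):
    """Builds SQL by string concatenation: attacker-controlled text becomes SQL syntax."""
    sql = (
        "SELECT username FROM users WHERE username = '"
        + username
        + "' AND password_hash = '"
        + password_hash
        + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password_hash):
    """Parameterized query: the driver binds values, so they are never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return [row[0] for row in conn.execute(sql, (username, password_hash))]


def demo():
    """Runs the classic tautology payload through both versions and returns the matches."""
    conn = make_db()
    payload = "' OR '1'='1"
    # Vulnerable: WHERE username = '' OR '1'='1' AND password_hash = '' OR '1'='1'
    # is true for every row, so the query returns all users with no valid credential.
    vulnerable_result = login_vulnerable(conn, payload, payload)
    # Safe: the payload is compared literally as a username and matches nothing.
    safe_result = login_safe(conn, payload, payload)
    # A genuine login still works with the parameterized version.
    legit_result = login_safe(conn, "alice", "h1")
    return vulnerable_result, safe_result, legit_result


if __name__ == "__main__":
    print(demo())
```

Note that the vulnerable version cannot be rescued by stripping quotes from the input: a legitimate username such as `o'brien` would then be mangled, and numeric or identifier contexts are exploitable without any quote at all. Binding parameters is the fix; input validation is an additional layer.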
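For the XSS row, the point that sanitizing inputs is not the same as encoding outputs is worth showing. The block below is an added example, not part of the original checklist: it demonstrates why a naive "strip `<script>`" sanitizer fails, and how the same untrusted value is encoded differently for an HTML body, an attribute, a JavaScript string and a URL query parameter using only Python's standard library. The `render_profile` template and its field names are assumptions for the demonstration.

```python
import html
import json
from urllib.parse import quote


def naive_strip_script(value):
    """The kind of input sanitizer the checklist warns against relying on."""
    return value.replace("<script>", "")


def encode_for_html(value):
    """HTML body and attribute context: escape & < > " '."""
    return html.escape(value, quote=True)


def encode_for_js(value):
    """JavaScript string-literal context: a JSON string with < > & also escaped,
    so a value containing '</script>' cannot close the enclosing script tag."""
    return (
        json.dumps(value)
        .replace("<", "\\u003c")
        .replace(">", "\\u003e")
        .replace("&", "\\u0026")
    )


def encode_for_url(value):
    """URL query-parameter context: percent-encode everything except unreserved characters."""
    return quote(value, safe="")


def render_profile(display_name, homepage):
    """Hypothetical page fragment that places one untrusted value in four contexts."""
    return (
        "<p>Hello, " + encode_for_html(display_name) + "</p>\n"
        '<a href="/go?u=' + encode_for_url(homepage) + '" title="'
        + encode_for_html(display_name) + '">home</a>\n'
        "<script>var name = " + encode_for_js(display_name) + ";</script>"
    )


if __name__ == "__main__":
    # Constructed payload: stripping "<script>" once reassembles a working tag.
    print(naive_strip_script("<scr<script>ipt>alert(1)</script>"))
    print(render_profile("<script>alert(1)</script>", "javascript:alert(1)"))
```

Encoding is context-specific: HTML escaping inside a `<script>` block does nothing useful, and URL-encoding a value into a query string does not validate it, so the `/go` handler in this example would still have to check the scheme of `u` before redirecting.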
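The three file-upload rows (type restriction, no execute permission, unguessable storage location) describe one procedure, so here is a single added example that implements all three. It is not code from the original checklist: the extension-to-magic-number allowlist, the function names, the temporary directory standing in for a location outside the web root, and the sample payloads are all constructed for the demonstration.

```python
import os
import secrets
import tempfile
from pathlib import Path

# Assumed allowlist: permitted extension -> leading bytes the content must start with.
# The client-supplied MIME type is deliberately ignored; it is attacker-controlled.
ALLOWED = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".pdf": [b"%PDF-"],
}


class UploadRejected(ValueError):
    pass


def validate_upload(original_name, data):
    """Check 1: allowlisted extension AND content that matches it. Returns the extension."""
    ext = Path(original_name).suffix.lower()  # only the final suffix: "shell.php.png" -> ".png"
    if ext not in ALLOWED:
        raise UploadRejected("extension %r not allowed" % ext)
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        raise UploadRejected("content does not match declared type")
    return ext


def check_upload(original_name, data):
    """Convenience wrapper returning (accepted, reason) instead of raising."""
    try:
        validate_upload(original_name, data)
        return True, "ok"
    except UploadRejected as exc:
        return False, str(exc)


def store_upload(original_name, data, upload_root):
    """Checks 2 and 3: write under a server-generated name with no execute bit.
    upload_root is assumed to be a directory outside the web root that the
    web server serves only through an application handler."""
    ext = validate_upload(original_name, data)
    # Unguessable name; the client-supplied filename never reaches the filesystem.
    stored_name = secrets.token_urlsafe(24) + ext
    dest = Path(upload_root) / stored_name
    # O_EXCL: fail rather than overwrite an existing file. 0o600: owner read/write, no execute.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return stored_name


def demo():
    """Constructed run: store one valid PNG and report what a reviewer would check."""
    with tempfile.TemporaryDirectory() as root:  # stands in for a directory outside the web root
        png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
        stored = store_upload("avatar.png", png, root)
        mode = (Path(root) / stored).stat().st_mode & 0o777
        return {
            "client_name_reused": stored == "avatar.png",
            "executable": bool(mode & 0o111),
            "suffix": Path(stored).suffix,
        }


if __name__ == "__main__":
    print(check_upload("shell.php", b"<?php echo 'not an image'; ?>"))
    print(check_upload("shell.php.png", b"<?php echo 'not an image'; ?>"))
    print(demo())
```

The content check is what stops the double-extension trick: `shell.php.png` passes the extension test but fails the PNG magic-number test. Removing the execute bit is still necessary because a server configured to run scripts from the upload directory will do so regardless of file permissions on some setups, which is why the checklist also asks for the directory itself to be non-executable and outside the web root.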