Blog / Website Security / Website security checklist for 2021
Website security checklist for 2021
28 Dec 2020
It's almost 2021 and the cyber security threats are more aggressive than ever. We prepared a website security checklist that will guarantee you that your website is a safe place for your visitors. In order to make your website secure, you need to:

1) Use up to date software

Let's say that you have an ecommerce shop, one that uses WooCommerce or Magento. There are new software updates almost every two months. As a shop owner, you should try to update your website's software when there are new versions available, because the new changes may cover performance or security aspects, and these two will help you to have a better online store.

2) Use strong passwords and change them frequently

You should use passwords consisting of at least 8 characters. The password should contain: letters (uppercase and lowercase), numbers and special characters (such as: !@#$%^&*}{:"). We recommend you to update your passwords once in three months.

3) Create frequent backups, for both database and files

You should not rely on the hosting company, because there are a lot of cases when they have problems and your data is lost. That's why you should create backups at least once a week. You should backup both the files and the database.

4) Use SSL certificate

Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client - typically a web server (website) and a browser, or a mail server and a mail client.

To show your visitors that your website is a safe place to navigate, you must use an SSL certificate. You can register free SSL certificates at Let's Encrypt:

5) You should allow restricted access to your users

You should create different access roles for your users. For example, Wordpress CMS has the following user roles: administrator, editor, author and simple registered user. You should deny access to critical website settings for users with lower roles.

6) Prevent SPAM - Use captcha and honeypots on your website forms

You can integrate Google reCaptcha for free and it will automatically protect your website forms.

You can integrate a honeypot. A honeypot is a hidden field that is visible to bots but not humans. When a bot fills out a form, the bot sees the hidden field and fills it out. You can make a rule and if this hidden field is filled or is filled with a different value than you're waiting, the form was completed by a bot/spammer.

7) If you want someone else to take care of your website security, you should invest in a website security software, in case you're interested, we can help by offering free website security services. Please visit the following page for more details:

Protectumus is a free website security scanner that checks your website for known vulnerabilities. We use a cloud scanner that scans your website for security issues for free. Protectumus also offers DDOS protection, Web Application Firewall (WAF), Two Factor Authentication (2FA), Uptime and Speed Monitoring, plus many more. You can find a list of detailed security features here:

Want to know more about keeping your site safe? Subscribe to our mailing list.