Use Our Web Security Checklist
There are many online threats to our websites. That’s why it’s a great idea to make a point of running through our handy website security checklist once a year to make sure you’re doing everything you can to protect your site and all of the content.
To help you easily make sure you’re properly securing your site, we’ve pulled together the most important elements of basic (and not so basic) web security.
Let’s start with the major ones: Password Management, Whois, SSLs, and 2FA.
Your login password is arguably the simplest, most important, and most neglected element of your online security. Why? Because it’s a hassle to remember new passwords. Or maybe because you can’t think of a good one. Or maybe it’s because you think “who could possibly guess that my password is my wife’s birthday plus her first name?” (Some of you just got a little nervous with that last one, didn’t you?)
The point is, password security relies on human invention and, therefore, human error. The more vigilant you are with managing your login info, the lower the risk of making simple mistakes that could lead to big problems.
We’ve talked about some helpful tips for generating strong passwords and you can learn even more about smart password management in our Knowledgebase.
As with visiting the dentist or changing the oil in your car, a bit of preventative maintenance can go a long way. Check the Whois information on all your domain names at least twice a year to ensure it’s still current. Inaccurate Whois data can lead to suspension of your domain—an unwelcome surprise that’s easily avoidable with a little planning.
And while you’re at it, it’s a great practice to protect your public contact information with WHOIS or domain privacy. These services mask your personal Whois data by sending domain lookup inquiries through your site’s registrar, which means less spam and other unwanted attention. (And Namecheap offers free Domain Privacy on eligible domains for the first year.)
Already have WHOIS privacy? Terrific! But did you know that you have to renew your domain and your WHOIS privacy separately? Now’s the perfect time to note the expiration date of both to avoid any lapses in privacy, especially if you own several domains.
We’ve written a lot on this blog about the benefits of SSL security certificates, and for good reason: the data encryption and domain verification that SSLs provide have become indispensable safety features for online business. SSLs are a great way to boost your SEO, believe it or not, and Google’s Chrome browser has even gone as far as to issue a warning before loading sites that don’t provide valid SSL protection.
The simple truth is, if you’re doing business on the web, you need to have strong, reliable SSL protection.
Got an SSL for your site already? Great! You now may want to take a look at increasing your security level, especially if you’ve increased the amount or changed the type of sensitive transactions on your website. Namecheap offers all levels of SSL to suit your needs, including Positive SSL.
In recent years, Two-Factor Authentication (2FA) has become more and more essential as a security component. Facebook, Amazon, and Google have all boosted customer trust and security by providing 2FA as a means to verify user accounts. 2FA protects your accounts by adding a simple verification step (entering a code sent to your mobile number) before allowing access to your account. This way, even if a hacker or thief obtains your login credentials, they’re still out of luck if they don’t have your 2FA access code.
The number of domain thefts and hacked websites continues to grow, so securing your web accounts with 2FA is a no-brainer. Set up 2FA for free on your Namecheap account today.
Take Your Site Security to the Next Level
Ok, so you’ve handled the tasks above like a pro. Ready for more? We’ve got something for every domainer who’s dedicated to covering all their online safety angles.
- Got a WordPress site? Take a look at these security tips designed just for WordPress. Or boost the security you already have with the robust and versatile Jetpack plugin for WordPress.
- If you spend a lot of time on public Wi-Fi networks, you ought to brush up on these handy do’s and don’ts.
- So you think you’ve secured the perfect URL for your company? Don’t be so sure. It’s possible for someone to steal it out from under you.
- Pirates are only fun at costume parties—and even then they’re kind of obnoxious. Set a course to steer clear of potential plunder.
- Dive deep into the world of online safety in our interview with digital security expert Robert “RSnake” Hansen (and no, sadly, he doesn’t reveal how he got his cool nickname).
As wide as the World Wide Web is, there are always opportunities to make it safer.
Users just like you do their part by taking steps to protect their sites, data, and identities. Working together, even in small ways, we can help keep the Internet a powerful, safe, and fun resource for everyone.
You really should start offering Let’s Encrypt SSL in cPanel if you truly care about security. 🙂
Great article! Definitely want to tighten up website security now, especially with the recent Google security updates. The 2FA is also a great idea for site owners as well. I’ve used a plugin for this on some of my WordPress sites using Twilio.
I recommend this to clients as well to protect the login page when I install SSL on their sites.
Definitely better than just having a password no matter how good the password is.
Thanks again for the “straight-to-the-point” article!
A nice checklist, though I would recommend a website firewall too on top of this 🙂
I love this checklist. Thanks for sharing.
A great post for website security. I hope it will help me stay more safe!
Awesome tip for security. I will suggest in password management we should do two-factor authentication.
With the new GDPR policies since May 2018, is it allowed to publicly show an owner’s information?
I think it implies a consent from domain owner to make this info available with whois.
What’s your opinion on that?
It’s an interesting question, but I think that’s something for the courts to determine, particularly when it’s European law and many registrars are located in the US. I honestly don’t know if anyone could answer that question satisfactorily right now.