Security Audit Checklist
1. Server Security

  • ✅ **Firewall**: Enable (e.g., UFW for Linux).
  • ✅ **SSH**: Disable root login (use sudo).
  • ✅ **File Permissions**: 644 for files, 755 for directories.

2. CMS/Application Security

  • ✅ **Updates**: All plugins/themes/core updated.
  • ✅ **User Roles**: Remove unused accounts (e.g., "admin" user).
  • ✅ **Two-Factor Auth (2FA)**: Enforce for all admins.

3. Data Protection

  • ✅ **SSL**: Valid certificate (no "Mixed Content" warnings).
  • ✅ **Backups**: Encrypted and stored offsite.
  • ✅ **Password Policy**: Minimum 12 characters with symbols.

4. Code Security

  • ✅ **Input Sanitization**: Prevent SQL/XSS attacks.
  • ✅ **.htaccess**: Block directory browsing:

    Options -Indexes

Note: Schedule quarterly security audits! 📅
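An added audit helper for the Server Security and Code Security items above (example code, not part of the original checklist). It checks that the sshd configuration explicitly disables root login, lists files and directories under a web root that deviate from 644/755, and confirms the `.htaccess` carries `Options -Indexes`; the paths in `run_audit` are assumptions and should be replaced with the real ones.

```shell
#!/bin/sh
# Added example, not from the original page. Read-only checks that report
# checklist deviations; they change nothing on the host.

# Section 1, SSH: returns 0 only when PermitRootLogin is explicitly "no".
# OpenSSH uses the first occurrence of a keyword, so we take the first
# uncommented line. Match blocks are not evaluated by this simplified check.
ssh_root_login_disabled() {
    config="${1:-/etc/ssh/sshd_config}"   # default path is an assumption
    [ -r "$config" ] || return 1
    value=$(grep -Ei '^[[:space:]]*PermitRootLogin[[:space:]]+' "$config" \
            | head -n 1 | awk '{print tolower($2)}')
    [ "$value" = "no" ]
}

# Section 1, file permissions: prints every file that is not exactly 644 and
# every directory that is not exactly 755 below the given root.
# Returns 0 when nothing is printed, 1 otherwise.
find_bad_perms() {
    root="$1"
    offenders=$( { find "$root" -type f ! -perm 644
                   find "$root" -type d ! -perm 755; } )
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# Section 4, .htaccess: returns 0 when an Options directive removes Indexes.
htaccess_blocks_indexes() {
    grep -Eq '^[[:space:]]*Options[[:space:]].*-Indexes' "$1"
}

# Runs all three checks and exits non-zero if any fails. Paths are assumptions.
run_audit() {
    webroot="${1:-/var/www/html}"
    sshd_cfg="${2:-/etc/ssh/sshd_config}"
    htaccess="${3:-$webroot/.htaccess}"
    status=0
    ssh_root_login_disabled "$sshd_cfg" || { echo "FAIL: root SSH login not disabled in $sshd_cfg"; status=1; }
    find_bad_perms "$webroot"           || { echo "FAIL: permissions above deviate from 644/755"; status=1; }
    htaccess_blocks_indexes "$htaccess" || { echo "FAIL: $htaccess does not block directory browsing"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: server and code checks passed"
    return "$status"
}
```

Invoke it as `run_audit /var/www/html /etc/ssh/sshd_config` (as a user that can read both); each failing check prints a FAIL line and the function returns 1.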
