<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=698042&amp;fmt=gif">
EnvisionIT Solutions Blog Logo
Back to posts

March 17, 2022

A 7-Point Checklist to Safeguard Your Website Against Cyber Attacks

A 7-Point Checklist to Safeguard Your Website Against Cyber Attacks

7-point-checklist-to-safeguard-your-websiteRansomware attacks are on the rise, and they're costing companies an average of over $84,000. What's worse, after ransom payment, there's no guarantee the hackers won't strike again!


Businesses all over the world face malicious attacks from cybercriminals. Make sure your business doesn't get hit next! The best way to avoid ransomware or other cyberattacks? Safeguard your website before the hackers get in.


Read on for our 7-point website security checklist and safeguard your website today. 

1. Install and Verify SSL

SSL is a "secure socket layer". Your browser "talks" to the website you're accessing and verifies a valid SSL certificate. 


If the certificate is valid, then the browser goes to the website. An invalid certificate results in a browser warning or denial of access. 


Enable SSL sitewide and don't let any pages of your website pass in plain text. Remember to verify the details of your SSL certificate often to ensure it's up to date and valid. 

2. Anti-Malware Software

Many web host providers and website builders offer built-in anti-malware. Check your site for anti-malware software. 

Does your site have it? Great. If not, get it immediately. 

3. Operate With the Highest-Standard Encryption

Encryption is crucial for your website. This is what keeps hackers from reading sensitive information. If your encryption standard is old, your security is at risk. Update to the highest encryption standard.


Look at your current SSL certificate. If it's not using a 2048-bit SHA256 standard, replace it. The older SHA1 encryption isn't secure. 

4. Pay Attention to Header Information

Watch out for those "X-powered-by" headers. Don't broadcast your version and type of webserver to the internet community. That makes hacking your site easier for cybercriminals. 

Obscuring these headers is the best practice for making your site more secure.

5. Watch out for Insecure Cipher Suites

If your website allows insecure cipher suites, browsers automatically block users from access. Disable insecure cipher suites, such as RC4, from the webserver. 

6. HTTP Strict Transport Security

Browsers should only communicate with your site over SSL requests. Don't let hackers redirect website requests! This leads to users going to bogus sites and sometimes entering sensitive personal information. 


Always enable HTTP strict transport security to keep your site and visitors safe.


Related Post: Website Security Tips

7. HttpOnly and Secure Cookies

Don't let hackers take advantage of your stored cookies—restrict access with HttpOnly cookies. Updated browsers use HttpOnly cookies which adds an extra layer of protection from hackers. 


These secure cookies transmit across SSL connections only keeping them safe between the server and client. This prevents third parties from intercepting sensitive information.


Watch Our Video: WordPress Security

Pay Attention to the Website Security Checklist

Cybercriminals don't discriminate when it comes to hacking. They attack doctor's offices, small government sites, and small businesses alike, so use this website security checklist to ensure your site is safe.


We understand website security can be an overwhelming topic, but it's necessary for today's digital environment. 


Are you looking for peace of mind with great IT support and security? Contact us here to see how we can help.

Mike Tungate
Hello! I am the Web Services Manager @ EnvisionIT Solutions. I create business websites, help shape a businesses image through branding, and help them grow through content marketing. I am an avid photographer and a lover of musical instruments.
Find me on: