The Essential Security Checklist For Every New Site

The Essential Security Checklist For Every New Site

Creating a new website means exposing it to the online world. Unfortunately, that also means exposing it to hackers. Put simply, hackers aim to make money online by abusing your website for fraudulent activities.

For instance, your website could be part of an online botnet that spreads malware, infecting other networks. This is often hard to detect and website owners are unaware of being targeted by hackers.

In this guide, we have listed the essential security measures that every new website owner should follow.

Check them out below!

1) Secure Web Hosting Service

The first step towards protecting your new website starts with a good web host.

Most hosting providers invest in dedicated security teams, yet some providers focus to have outstanding security as one of their USPs (Unique Selling Points).

A web host with a good security team will monitor the latest vulnerabilities in order to implement the required security measures into their firewall and other protection tools.

2) Admin Username & Password

The default username and password for WordPress websites was “admin” in the past. However, this was changed because this basically created a paradise for hackers. It was kids play to login on WordPress websites using the default login details since many new website owners did not change this.

Still, many people use “admin” as the username and only change the password. This leaves a website vulnerable to brute force attacks and scripts that will run a code in order to guess the password.

3) Strong Password + NEVER Reuse Passwords

I can’t repeat it enough.

And I still hear it way too often, people using the same password combinations for different accounts or give the actual answer to a “Secret Question”.

“What’s the name of your first child?”.

And they submit the correct answer. Imagina how easy this is for hackers to guess since the existence of social media like Facebook.

Always, yes ALWAYS, use a strong and unique password for all of your accounts. Plenty of password generators are available online that will generate a very strong password for you.

For example LastPass password generator.


4) WordPress auto updates

In addition to your web host, WordPress has a dedicated security team that releases updates to improve the platform’s security continuously.

It’s important to enable auto updates in order to constantly implement the latest improvements to the platform.

5) Theme is updated at all times

Similar to WordPress auto updates, you should enable auto updates for your theme as well.

If you enable WordPress auto updates but not update your theme, potential threats and vulnerabilities still exist due to holes in your theme’s security.

6) Secure wp.config.php

The wp.config.php file is one of the most important core files of WordPress. It stores information about the database, hostname, username, and password.

In order to restrain unauthorized access to your wp.config.php file, it’s recommended to add the following piece of code to your .htaccess file:

order allow,deny

deny from all

In addition, change the permissions of the file, so that only your webserver has authorization to access it. This can be done by logging in to your cPanel and change the settings.

7) SSL Certificate

The communication between a website and an internet browser is secured and encrypted by an SSL connection. You can recognize a secure website shown in the image below:


Make sure to get a sitewide SSL, which means that every page on your website is secured. Information flowing outside the SSL environment can be easily intercepted and misused as it’s in plain text format.

8) Install security plugin

Install a good security plugin like Defender, Shield Security or All in One WP Security when launching a new website.

These plugins are outstanding to improve protection layers and minimize the risks of being hacked.

Extra tip: Protect your website from getting spammed by installing Akismet plugin. It’s considered the best anti-spam plugin.

9) Backup

The benefits of having a backup of your website is, whenever things go sideways, you can always rely on a backup file containing all your website’s data, stored in another location.

There are 3 ways to backup your website:

  • Create a backup with a plugin
    1. Download a backup plugin like BackupBuddy
  • Create a backup through your web host
    1. Login to the cPanel of your web host
  • Create a backup manually in a cloud storage
    1. With direct access to your website server through file manager or FTP. you can make a copy of the “public_html” folder. Simply download and copy all the files within the “public.html” folder and upload it to a cloud storage.
    2. For WordPress websites, copy and download all the files within the wp-content directory and wp.config.php file.

Let’s wrap it up.

Take the security of your website serious, regardless the size of your site. Hackers target any website, big or small, to abuse them for criminal activities.

Therefore, it’s important to take above-mentioned precautions when it comes to your website’s security. It strengthens the defense of your website against malicious bots and hackers but also protects your customer’s data.


Bill here from My blog is all about making the world of online security accessible to everyone. I pride myself in writing guides that I’m certain even my own mom could read! Be sure to head over to my blog if you’re interested in keeping your private information just that: Private!

About the Author

Leave a Reply