Backups being stored. We look for evidence that backups are being made of your site.
Linux hosting. We verify that your site is running on a linux server environment.
No web server security issues. We look for known web server security issues.
No publicly accessible backups. We look for publicly available backups that might contain
sensitive site information.
Backups are frequent. We evaluate that your site is being backed up adequately.
SSL installed and configured correctly. We look to see that the site has an SSL certificate installed and configured correctly. SSL certificates ensure that site traffic between your server and your site visitors is encrypted.
No credit card data stored on site. We look for evidence of credit card information stored on your site or in your database.
File permissions set correctly. We check to see that file and directory permissions appear to be
set correctly. PHP version updated. We look to see that the server is running an updated version of PHP.
No suspicious cron jobs. We look for suspicious cron jobs.
End-to-end encryption/cloud-based WAF. We look for evidence of cloud-based WAF breaking
Strong cpanel/hosting password. We evaluate whether the hosting panel password is strong and appears to be unique from other passwords.
Strong FTP password. We check to see if the FTP password is strong and appears to be unique
from other passwords.
Using SFTP. We check to see if the site is using SFTP to ensure for secure file transfers. SSH unused or secured. We check to see if the site has SSH secured or disabled.
No .my.cnf files. We check for any .my.cnf files in your hosting account containing sensitive credentials.
Only one MySQL database user. We look for extra MySQL database users.
MySQL user has appropriate permissions. We ensure the MySQL database user has appropriate permissions to access and modify the database.
Strong MySQL database user password. We evaluate the MySQL database user’s password.
Remote database access disabled. We look for remote database access capabilities on your site.
No custom MySQL database connections. We review the site code to look for any extraneous
PhpMyAdmin updated. We determine if the host’s version of PhpMyAdmin does not have security issues.
Tables are optimized. We check to see if database tables require optimization.
Database version updated. We ensure that the database version is adequately updated.
Check email deliverability and server reputation
Review blacklists to ensure your site is not listed (e.g. Spamhaus, Barracuda)