Here’s my top 10 list of things that you can do to protect your website from attack:
1. Use HTTPS Everywhere (https://www.eff.org/https-everywhere) 2. Protect Your Cookies (https://blog.imperva.com/2015/05/protecting-your-cookies/) 3. Secure Your Web Server with ModSecurity (https://www.modsecuritybook.com/) 4 . Harden Your PHP Configuration 5 . Use HTTP Strict Transport Security 6 . Implement Content Security Policy 7 . Enforce TLS 8 . Set Up HSTS Preload 9
https://t.co/RdtYoaUPbb