Website Security Checklist for Beginners

Security doesn't have to be complicated. Following this checklist will put you well ahead of most website owners and significantly reduce your risk of being compromised.

SSL & HTTPS

• Ensure your free Let's Encrypt SSL certificate is active (check in cPanel › SSL/TLS Status).
• Enable Force HTTPS Redirect in cPanel Domains settings.
• Fix any mixed content warnings so all resources load over HTTPS.

Account Security

• Use a strong, unique password for cPanel - at least 16 characters.
• Enable Two-Factor Authentication (2FA) in cPanel under Security.
• Change default FTP and database passwords from their initial values.

Software & Updates

• Keep your CMS (WordPress, Joomla, etc.) updated to the latest version.
• Update all plugins and themes regularly.
• Remove any plugins, themes, or scripts you no longer use.

File & Server Security

• Set correct file permissions: 644 for files, 755 for directories.
• Set wp-config.php to 600 if you use WordPress.
• Enable ModSecurity in cPanel for your domain(s).

Backups

• Verify your JetBackup backups are running and contain recent data.
• Consider keeping an off-site backup copy for critical sites.

Monitoring

• Install a security plugin (Wordfence for WordPress) for active monitoring.
• Set up email alerts for failed login attempts.

Need help with any of these steps? Contact our support team and we'll be happy to assist.