This has a lot of good information in it and I put a lot of time into it, but I do realize it is hard to read since Hacker News doesn't start things on new lines. If someone can tell me how to do that if it is possible that would be great. If not here it is on Pastebin - http://pastebin.com/MspKq8sz.

Here is what I recommend for website security (this is a lot of advice and is not perfect - if you want me to write this up in a detailed blog post and cover more things let me know)... I also provided my contact information at the bottom if you have any questions or need any help setting this up.

Domain Registrar:

1. Melbourne IT - https://www.melbourneit.com.au/
2. Namecheap - https://www.namecheap.com/
3. Gandi - https://www.gandi.net/

- Enable WHOIS protection
- Enable domain locking - if you want more details on how to set this up let me know
- Enable email notifications and make sure you keep your account information up to date
- Log in from a computer using a VPN (I use and recommend proXPN - https://proxpn.com/) which encrypts your connection

DNS

1. Any of the domain registrars mentioned above
2. CloudFlare - https://www.cloudflare.com/ (offers performance benefits as well). Their DDOS protection, DNS, and performance benefits are why I use and recommend them. They are not very good in terms of their WAF or website security and that is why I use and recommend Sucuri as well.
3. DNS Made Easy - http://www.dnsmadeeasy.com/

- Follow advice from passwords section
- Delete unnecessary DNS records
- Enable DNSSEC if possible

Email Hosting

1. I recommend that you use Google Apps for Business - https://www.google.com/enterprise/apps/business/.

- Follow advice from passwords section
- Take advantage of the security Google offers

Passwords

1. Create strong passwords using a password generator. I use GRC's Password Generator by Steve Gibson - https://www.grc.com/passwords.htm
2. Store your passwords in a password manager such as LastPass - https://lastpass.com/
3. With LastPass use a strong master password, limit login attempts to your country and the ones you travel to frequently, use two factor authentication, don't use a password reminder, don't write down your master password - only memorize it and don't ever share it, change your master password at least slightly every 3 months, and disable logins from the Tor network.
4. Use the same password only once (don't use the same password on multiple sites).
5. Don't store your passwords in the browser or save them, so you are automatically logged in.
6. Make sure your password is at least 15+ characters (I use 50+ characters) and it contains lowercase letters, uppercase letters, numbers, and special characters.
7. If a site requires a secret question, make sure the answer to that question is one no one else would know, or make it a password or phrase that you would remember.
8. Use the browser add-on HTTPS Everywhere and use Mozilla Firefox or Google Chrome as your browser.
9. Try to not share your passwords - I would like to say never share your passwords, but I know that is not possible :). If you have to share your passwords, do so using LastPass, change the password after they are done, make sure they haven't done anything that looks malicious, have a clear plan of what they need to do, and ask them how long it will take them.

Website Security

1. Back up your site - I recommend and use Sucuri Backups - http://sucuri.net/services/website-backups (it is $5 a month per website)
2. Use monitoring, alerting, and a removal service - I recommend and use Sucuri - http://sucuri.net/signup

It is $89.99 per year for one website. The service includes 3 main areas which are monitoring (http://sucuri.net/services/website-scan-malware-detection), alerting (http://sucuri.net/services/alerting), and removal (http://sucuri.net/services/malware-removal). You can use any of those links for further details.

3. Use a WAF - I recommend and use Sucuri CloudProxy - http://cloudproxy.sucuri.net/signup ($9.99 a month for the most basic plan - the two other plans are $19.98 and $69.93 per month)

4. There could be a lot more in this area, but that should do a pretty good job for you. If you are using a CMS such as WordPress, Joomla, or Drupal you have quite a bit more you can do in this area.

Hosting

1. It honestly depends on your needs, so I am not going to recommend anyone specifically. If you want help with this or anything you can find my contact information at the bottom.

Network Security

1. Use WPA2 for the encryption protocol
2. Make your network name random
3. Make your password to connect to your network very strong
4. Change the default login credentials to log in to your network to a secure username and password.
5. Disable Wi-Fi Protected Setup (WPS)
6. Configure OpenDNS at the router level - http://www.opendns.com/
7. Follow the passwords section for your passwords

Computer Security

1. Use an antivirus program (Antivirus for Mac by Sophos for Mac computers and Microsoft Security Essentials or Avast for Windows)
2. Use an anti-malware program (Malwarebytes Antimalware and Malwarebytes Anti-Exploit for Windows)
3. Use a firewall (Windows Firewall or TinyWall for Windows)
4. Keep your operating system updated
5. Keep your programs updated (Secunia PSI or FileHippo Update Checker for Windows and AppFresh for Mac)
6. Remove Java and QuickTime if you don't need them
7. Replace Adobe Reader with Foxit Reader or Sumatra PDF
8. Make sure you keep Adobe Flash Player up to date
9. Uninstall programs that you don't need or don't use
10. Only download things from trusted sources (the browser extension Web of Trust would help with this)
11. For your browser make sure you are using Google Chrome or Mozilla Firefox. For Google Chrome and Mozilla Firefox, I recommend that you use Adblock Plus, Disconnect, and HTTPS Everywhere. If you want to be very secure and are somewhat technical, I recommend that you also use NoScript for Mozilla Firefox and NotScripts for Google Chrome.

If you have any questions you can email me at [redacted].
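The Passwords section above recommends a generated password of at least 15 characters (the author uses 50+) drawn from lowercase, uppercase, digits and special characters, and never reusing one password across sites. The following is an added example, not the commenter's own code or any of the tools they link (GRC's generator, LastPass): it generates such a password from the operating system's CSPRNG via Python's `secrets` module, checks a password against that policy, and flags reuse in a constructed sample vault. The `SPECIAL` character set and the `vault` dictionary are constructed for illustration; the names `meets_policy`, `generate_password` and `find_reused` are this example's own.

```python
import secrets
import string

# Character classes the post's rules call for (lowercase, uppercase, digits, specials).
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SPECIAL = "!@#$%^&*()-_=+[]{};:,.<>?/"  # constructed set; trim to what a site accepts
ALL_CLASSES = (LOWER, UPPER, DIGITS, SPECIAL)

MIN_LENGTH = 15  # the post's floor; the author uses 50+


def meets_policy(password: str, min_length: int = MIN_LENGTH) -> bool:
    """True when the password is at least min_length characters long and
    contains at least one character from every class in ALL_CLASSES."""
    if len(password) < min_length:
        return False
    return all(any(c in cls for c in password) for cls in ALL_CLASSES)


def generate_password(length: int = 50) -> str:
    """Build a password with the OS CSPRNG (secrets), guaranteeing one
    character from each class, then shuffling so the guaranteed picks
    do not sit at predictable positions."""
    if length < len(ALL_CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(ALL_CLASSES)
    # one guaranteed pick per class, the rest from the full alphabet
    chars = [secrets.choice(cls) for cls in ALL_CLASSES]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Fisher-Yates shuffle driven by secrets.randbelow rather than random.shuffle,
    # which is seeded from a non-cryptographic generator
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def find_reused(passwords_by_site: dict) -> dict:
    """Rule 4 (never reuse): map each password used on more than one site
    to the list of sites sharing it, e.g. {"p1": ["mail", "bank"]}."""
    seen = {}
    for site, pw in passwords_by_site.items():
        seen.setdefault(pw, []).append(site)
    return {pw: sites for pw, sites in seen.items() if len(sites) > 1}


if __name__ == "__main__":
    pw = generate_password(50)
    print(pw, "meets policy:", meets_policy(pw))
    # constructed sample vault with one password reused across two sites
    vault = {"mail": "Tr0ub4dor&3xxxxxxx", "bank": "Tr0ub4dor&3xxxxxxx", "dns": "Q7#pL2vR!nZ8wX4k"}
    print("reused:", find_reused(vault))
```

A password manager already does the generation and storage; the value of the snippet is showing why `secrets` (not `random`) is the right source and that "contains every class" must be enforced, not hoped for, since a uniform draw from the full alphabet can omit a class at short lengths.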