Website Security Checklist (2026)
2026-03-18
Guides
Security
Checklist
A practical checklist to improve your website security posture: ports, TLS, headers, and monitoring.
Why this checklist matters
Security issues that cause the biggest damage are often the simplest ones:
- Publicly exposed admin ports (SSH/Redis/etc.)
- Weak TLS configuration
- Missing security headers
- No monitoring or alerting
Quick checks
1) Close dangerous ports
If a service must be reachable, restrict it by IP and require strong auth.
# Example: block Redis from the public internet
sudo ufw deny 6379
sudo ufw reload
2) Enforce HTTPS
Always redirect HTTP → HTTPS and enable HSTS.
3) Add essential security headers
Minimum recommended:
| Header | Why it matters |
|---|---|
Strict-Transport-Security | Force HTTPS |
Content-Security-Policy | Reduce XSS risk |
X-Content-Type-Options | Block MIME sniffing |
X-Frame-Options | Reduce clickjacking |
What to do next
Run a scan, fix critical/high issues first, then iterate.