Photo by kevin dooley

Two lists with a seasonal flair from web security provider Sucuri!

“Naughty” features include outdated software, resused passwords, every user is an Administrator, and no automatic backups.  They also point out that if you’ve got more than one website it’s a security risk if they’re all kept in the same folders on your server.  (That’s standard practice for shared-hosting setups like GoDaddy or Bluehost.)  Naughty features according to Securi include having all default settings (allowing anyone to create an account, for instance!) and not having strong security for login attempts.

We’d add that sites should have the latest server software (databases, programming languages) as well as a “green lock” security certificate to protect site visitor privacy.  Note: quite a few hosting companies should get coal in their stockings for not updating their servers or offering free security certificates.

“Nice” features include keeping all site and server software updated, backed up, and secured, only one Administrator’s account with everyone including the owner using an Editor’s account for day-to-day use, having only those plugins and themes necessary to support the features you need, and routine security scans.

Some of the other features on Securi’s list include possibly self-serving features that their plugins and cloud-services happen to provide.  And while we agree those can be a good idea too we’re not yet convinced they’re make-or-break.

Not to put in a plug or anything but if there’s a website on your holiday shopping list that needs a year-end checkup we’d love to help.