For management:

1. A web domain requires registration of holdership with a holder name that exists.
2. As administrative contact of a web domain, preferably choose the person who manages the administrative affairs and without a private name such as admindesk@.
3. As technical contact of a web domain, preferably choose the person who can take immediate action in case of a technical issue and without a private name such as techdesk@.
4. Ensure a quarterly check using suitable tools on the web, such as F12 warnings in web browsers.
5. Guarantee your own control of the (VPS) server, which makes a switch to another site designer manageable.
6. Specialized DNS management offers varying authorization, tracking changes and two-factor authentication per user.

For customer setup:

1. SSL security certificate is often free and automated, so an improvement may be possible.
2. The setting for redirecting to HTTPS (in the .htaccess file) is often inadequate, so take care of the stabilization once.
3. Responsibility for the DNS lies with the customer. Setting up by the hosting provider is not enough, so provide the required knowledge.
4. For security headers of the customer, support from the hosting provider can not take responsibility (eg for Content-Security-Policy and Feature-Policy).

For hosting providing:

1. Choose a hosting company that works with good name server technology for DNSSEC.
2. Stay state-of-the-art via fast SSD, fast HTTP / 2, IPv6 and ciphers / SSLVersion TLS that fit.
3. Shared hosting can work with a limited number of domains in a cluster per IPv4 address; check with: https://viewdns.info/reverseip/
4. Restoring a backup is often possible with shared hosting.
5. Datacenter-redundant: storage in three data centers close to each other, is a new way of hosting.
6. In case of GDPR requirements, try to store data in your own country, without the right of inspection by the U.S. in an American company.