- A web domain requires registration of holdership with a holder name that exists.
- As administrative contact of a web domain, preferably choose the person who manages the administrative affairs and without a private name such as managementdesk@.
- As technical contact of a web domain, preferably choose the person who can take immediate action in case of a technical issue and without a private name such as techdesk@.
- Ensure a quarterly check using suitable tools on the web, such as F12 warnings in web browsers.
- Guarantee your own control of the (VPS) server, which makes a switch to another site designer manageable.
- Specialized DNS management offers varying authorization, tracking changes and two-factor authentication per user.
For customer setup:
- SSL security certificate is often free and automated, so an improvement may be possible.
- The setting for redirecting to HTTPS (in the .htaccess file) is often inadequate, so take care of the stabilization once.
- Responsibility for the DNS lies with the customer. Setting up by the hosting provider is not enough, so provide the required knowledge.
- For security headers of the customer, support from the hosting provider can not take responsibility (eg for Content-Security-Policy and Feature-Policy).
For hosting providing:
- Choose a hosting company that works with good name server technology for DNSSEC.
- Stay state-of-the-art via fast SSD, fast HTTP / 2, IPv6 and ciphers / SSLVersion TLS that fit.
- Shared hosting can work with a limited number of domains in a cluster per IPv4 address; check with: https://viewdns.info/reverseip/
- Restoring a backup is often possible with shared hosting.
- Datacenter-redundant: storage in three data centers close to each other, is a new way of hosting.
- In case of GDPR requirements, try to store data in your own country, without the right of inspection by the U.S. in an American company.