> 14. Login, Admin and Payment pages are on a HTTPs page
This cannot be restated enough. An SSL cert costs anywhere from Free[1] to $10[2] and is invaluable for the logged-in section of your site, and an absolute requirement if you are handling any kind of payment.
The item is phrased badly, however. You need to have HTTPS on the entire site, not just the login page, or the user's session will be vulnerable.
Remember you are not making the checklist only for you. If you work for a company, they need to have proof that the checks have been done correctly. This is a form of auditing.
Also, if you reduce the text on that list then you have a checklist. So basically you generate 2 separate documents. One is the checklist, the other one explains it.
[1] https://startssl.com/
[2] https://www.namecheap.com/ssl-certificates/comodo.aspx
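
The site-wide HTTPS point and the audit point above can be combined into an automated check. This is an added example, not code from the thread: it walks constructed crawl results and reports every page that leaves the session exposed. The hostnames, sample data and function names are hypothetical, and the `Secure` cookie attribute check is an addition the comments do not mention.

```python
from urllib.parse import urlsplit

# Constructed crawl results (not real traffic): URL requested, status, response headers.
SAMPLE_CRAWL = [
    {"url": "https://shop.example/login", "status": 200,
     "headers": [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")]},
    {"url": "http://shop.example/catalog", "status": 200, "headers": []},
    {"url": "http://shop.example/cart", "status": 301,
     "headers": [("Location", "https://shop.example/cart")]},
    {"url": "https://shop.example/account", "status": 200,
     "headers": [("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")]},
]

def cookie_lacks_secure(set_cookie):
    """Return the cookie name if the Set-Cookie value has no Secure attribute, else None."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return None if "secure" in attrs else name

def audit_https_coverage(crawl):
    """Return (url, finding) pairs for pages that leave the session exposed."""
    findings = []
    for page in crawl:
        scheme = urlsplit(page["url"]).scheme
        headers = [(k.lower(), v) for k, v in page["headers"]]
        if scheme == "http":
            # A plain-HTTP URL passes only if it immediately redirects to HTTPS.
            location = next((v for k, v in headers if k == "location"), "")
            redirects_to_https = (300 <= page["status"] < 400
                                  and location.startswith("https://"))
            if not redirects_to_https:
                findings.append((page["url"], "content served over plain HTTP"))
        for k, v in headers:
            if k == "set-cookie":
                name = cookie_lacks_secure(v)
                if name:
                    findings.append((page["url"],
                        f"cookie '{name}' lacks Secure, so browsers also send it over HTTP"))
    return findings

if __name__ == "__main__":
    for url, finding in audit_https_coverage(SAMPLE_CRAWL):
        print(f"FAIL {url}: {finding}")
```

The login page in the sample is on HTTPS and still fails, because its session cookie would travel in the clear on the plain-HTTP catalog page.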