> 14. Login, Admin and Payment pages are on a HTTPs page
This cannot be restated enough. An SSL cert costs anywhere from Free[1] to $10[2] and is invaluable for the logged-in section of your site, and an absolute requirement if you are handling any kind of payment.
The item is phrased badly, however. You need to have HTTPS on the entire site, not just the login page, or the user's session will be vulnerable.
This cannot be restated enough. An SSL cert costs anywhere from Free[1] to $10[2] and is invaluable for the logged-in section of your site, and an absolute requirement if you are handling any kind of payment.
The item is phrased badly, however. You need to have HTTPS on the entire site, not just the login page, or the user's session will be vulnerable.
[1] https://startssl.com/
[2] https://www.namecheap.com/ssl-certificates/comodo.aspx