- Uninstall and remove from your server any packages you are not really using
- Make sure the site is connected to the community so you get updates when (if) they come out for both the core and packages
- remove all user accounts that are not in use (leftover accounts from previous managers for instance)
- Look for HTML5 boilerplate in Github and implement everything from their .htaccess file that improves security (stuff for stopping the server from giving away too much information for instance)
- If not already done, modify your header to not show C5 version number
- if C5 is loaded from the updates folder, modify the folder's name to not give away the version number and modify the config/updates.php file to reflect the change
- Check your chmod values to make sure your files are not accessible to everybody
- have a SSL certificate and switch to https
how can this be done? Can you provide some pointers how to check this, and what chmod value would represent everyone access to the files?
Is there a default chmod value, and by default is that everyone access to the files if they knew the path?
You can do that from your host's file manager, usually accessible through cPanel. You will have an option to set permissions.
You can also do that from an FTP client that you would use to access your files and folders on the server.
The values you should use are explained here:https://documentation.concrete5.org/developers/installation/installa...
Most (good) hosts will have a tutorial on their website explaining how to do this kind of thing using their interface.