Website security

No. Most of the points boil down to going to a specific site (e.g. ssllabs.com), entering your address and reading the result. The sections on CMS updates and password management require access to the admin panel - not the server or code. The only exception is the configuration of HTTP headers, which requires editing the .htaccess file or server settings - here it is worth asking for help from the developer or hosting administrator.

In Poland, the supervisory authority is the UODO, which can impose a fine of up to 4% of global annual turnover or €20 million (depending on which is higher). In practice, the first inspections affect e-commerce and financial companies, but the trend is unmistakable - the number of prosecutions is growing year on year. In addition to the financial risk, a non-compliant banner sends a signal to users: research shows that 60% of people consciously assess the credibility of a company by the quality of legal messages on the site.

The minimum is a backup once a day for stores and sites with dynamic content, once a week for business card sites with infrequent changes. Storage location is key: backup on the same server as the site does not protect against server failure or ransomware attack. Store copies in a separate location - external S3 (e.g., Backblaze B2 costs about $6/month for 1 TB), Google Drive or dedicated solutions like JetBackup. Test restores once a quarter - a backup you've never restored is a backup that may not work.