diff --git a/BEST_PRACTICE.md b/BEST_PRACTICE.md new file mode 100644 index 0000000000..a860a37698 --- /dev/null +++ b/BEST_PRACTICE.md @@ -0,0 +1,27 @@ +# Best Practice + +- [Security](#security) + - [Firewall](#firewall) +- [Optimization](#optimization) + - [Database](#database) + - [Queries](#queries) + +*This page is a work in progress and by no means complete. If you have any suggestions, please open a PR to extend the list.* + +## Security + +### Firewall + +Protect all Parse Server endpoints using a Firewall. For example, rate-limiting the number of requests per IP address can mitigate the risk of malicious attempts to scape user data, flood your database and simple DDoS attacks. + +## Optimization + +The following is a list of design considerations to optimize data traffic. + +### Database + +- Use short field names; field names need to be stored in the database just like the field values; short field names not only require less database storage but also reduce the data traffic between database, server and client. + +### Queries + +- Use `select` and `exclude` to transfer only the fields that you need instead of the whole object. \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 162cf851d8..e4f1ef1864 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -150,6 +150,7 @@ ___ - Add CI check to add changelog entry (Manuel Trezza) [#7512](https://github.com/parse-community/parse-server/pull/7512) - Refactor: uniform issue templates across repos (Manuel Trezza) [#7528](https://github.com/parse-community/parse-server/pull/7528) - ci: bump ci environment (Manuel Trezza) [#7539](https://github.com/parse-community/parse-server/pull/7539) +- docs: add best practice page (Manuel Trezza) [#7541](https://github.com/parse-community/parse-server/pull/7541) ## 4.10.3 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.2...4.10.3) diff --git a/README.md b/README.md index 7137ec153c..47adb6f719 100644 --- a/README.md 
+++ b/README.md @@ -76,6 +76,7 @@ The full documentation for Parse Server is available in the [wiki](https://githu - [Reserved Keys](#reserved-keys) - [Parameters](#parameters-1) - [Logging](#logging) +- [Best Practice](#best-practice) - [Deprecations](#deprecations) - [Live Query](#live-query) - [GraphQL](#graphql) @@ -740,6 +741,10 @@ Logs are also viewable in Parse Dashboard. **Want new line delimited JSON error logs (for consumption by CloudWatch, Google Cloud Logging, etc)?** Pass the `JSON_LOGS` environment variable when starting `parse-server`. Usage :- `JSON_LOGS='1' parse-server --appId APPLICATION_ID --masterKey MASTER_KEY` +# Best Practice + +See the [Best Practice](https://github.com/parse-community/parse-server/blob/master/BEST_PRACTICE.md) page for security considerations and common server and database optimizations. + # Deprecations See the [Deprecation Plan](https://github.com/parse-community/parse-server/blob/master/DEPRECATIONS.md) for an overview of deprecations and planned breaking changes.
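Review bot: In the Firewall paragraph of BEST_PRACTICE.md, "scape user data" should read "scrape user data", and the list after it is not parallel ("malicious attempts to scape user data, flood your database and simple DDoS attacks"). Suggest something like "can mitigate the risk of malicious attempts to scrape user data or flood your database, and of simple DDoS attacks", with "firewall" in lower case mid-sentence. The file also ends without a trailing newline ("\ No newline at end of file"); please add one.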
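Review bot: In the new "# Best Practice" section of README.md, the summary promises "security considerations and common server and database optimizations", but the page added in this patch has only a Firewall item under Security and Database and Queries items under Optimization. Suggest wording the sentence to match the page's current headings, or carrying over the page's own statement that it is a work in progress, so readers do not expect broader hardening guidance than the page gives.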