A Successful Website is a Secure One

By on Thursday, December 19, 2019

Imagine this. You log onto your computer or go online with your phone or tablet, and type in the URL for your nonprofit organization’s website. Instead of seeing your well-organized home page and graphics, a red backdrop and warning messages tell you that this is a potentially dangerous website. Your home page is nowhere to be found. You panic – wondering what your donors, supporters, volunteers and clients are all thinking.

For one of my nonprofit do-gooder clients recently, this scenario was all too real. Their site was attacked and went down. After two weeks of hassle, phone calls to their hosting service, and angst, they finally got their site back online. But it happened only because their website manager rebuilt much of the site from scratch. Why did this happen? They had initially used a web hosting service that didn’t include a security package or backups (these services were sold a la carte), because it was cheaper.

It was an expensive lesson to learn. While their site was down, thank you emails to donors didn’t go out, because there was no where to refer donors to see photos or learn more. Discussions for a new fundraising and volunteer partnership with another nonprofit organization ceased while the site was down too. The loss in potential volunteers, donations, and awareness were huge.

Keeping your website secure is one of the most important things website managers can do. Think of all the functions your website carries out for you. It’s your public face to the world. It’s where you share your story, invite people to help, highlight your programs, raise funds, and manage schedules, events and more.

Don’t think that just because your cause is a good one, that your website will be immune to an attack. Here are a few things you can do to beef up your website security:

  1. Use secure passwords. Make sure everyone uploading content who has access to your site is using a secure password. Pick something that is tough to figure out. Do not use words that can be found in a dictionary and add numbers and special characters to your password. Change passwords regularly (every month if possible) so they stay secure.
  2. Get a secure website hosting service. Talk to your hosting service about the security protocols in place and subscribe to security packages if you are using an a la carte service. Make sure they include a backup option. If your site is hacked, you can lose valuable information if your web files are destroyed. Having a backup means you can restore your site to the time period before it was hacked.
  3. Consider using an SSL certificate for your entire site. The letters in https stand for “hypertext transfer protocol secure.” Any web page using this protocol is secure. Any web page asking users to login or asking for payment information should be on an https. You can even set up your entire site on an https if you want.
  4. Lock down your website folder permissions. Your website files live in folders on a server. Anyone with the right skill set can crack into those folders and cause havoc. You can stop this from happening by assigning security permissions to those files and folders on your back end.
  5. Update website platforms and scripts. Check your plugins and tools for updates and make sure you are using current software. Update the software used on your website platform. If you use WordPress (like my client), it’s very important you run the most updated version of WordPress to avoid potential threats (and install the security plugins too).
  6. Lock down your site where vulnerabilities emerge. Hackers can insert malicious code in something as simple as a blog comment or through a search box. You can limit some attacks by inserting a Content Security Policy (CSP) into your website code. This limits the amount of Javascript on your site. Setting up parameterized queries and using secure forms can make your site safer too.

Securing your website is important. If your website gets taken down by hackers, you will lose more than just some nice copy and photos. You may also lose potential clients, volunteers, supporters, and donors.

An earlier version of this post first appeared in Instigate magazine, published by the Citygate Network. Ami Neiberger-Miller is a public relations strategist and writer. She is the founder of Steppingstone LLC, an independent PR practice near Washington, D.C. that provides public relations counsel, social media engagement, writing services, and creative design for publications and websites (contact to discuss your projectreview our portfoliosign up for our e-newsletter). She blogs about media relations, social media, public relations, and work-family balance. Follow her on Twitter @AmazingPRMaven

Everyone wants to know what you think.

Pin It on Pinterest