Making Your Church Website Safer

Internet hackers are finding church websites to be easy targets for installing viruses and malware.  In fact, church websites have unseated pornographic sites as one of the riskiest places for the safety of your computer. Web users are three times more likely to encounter malware (the stuff responsible for virus, spam and the like) on a church website than an adult site.

All of this comes from an annual internet security report by the makers of Norton AnitVirus.  The explanation for this is fairly simple.  Many church websites are built or maintained by novices who don’t really understand the workings of their website. Maybe a volunteer built the website and didn’t know how to properly protect it.  Or it could be the site is old and has never gone though a content management system upgrade.  Whatever the reason, the issue of church sites being full of viruses is a major issue—especially from a visitors perspective.

Sadly enough, I’ve seen the results of hacked church websites firsthand. I was cruising around the internet looking for church website examples for a presentation.  More than once, I’d click on a link and get a warning page from Google saying it wasn’t safe to go to that particular site because of malware issues.  If everything your church does says something about who you are, what was this warning page saying?

So what to do?  I turned to my friend Marc Miller, the web guy at ReFrame Media, and asked him what advice he’d give churches for making their sites less susceptible to hacking.  Here are his tips.

• Use secure, long passwords.  Longer is more important.  There is a lot of math to back this up, but a long password is harder for a hacker or their computer to crack.  We often think complicated, with an asterisk or a number is better.  But complicated and hard to remember doesn’t equal better.   

• Web Forms are the most unsecured portion of your site.  There are areas like contact forms, comment forms and discussion boards. Your code for processing these forms needs to be secure so hackers can't inject malicious code into your database. Content management systems usually handle this security for you, but if you create your own site from scratch, this is something to think about.

• Make sure you always stay up to date with the latest versions of your content management system and any related plug-ins.  Updates usually include security patches. 

Websites aren’t something you can set and forget.  They take regular maintenance.  You should budget for that yearly, just like you do for things like keeping the lights on.  You website is your front door.  Don’t risk your reputation over an unsafe website.