For a nonprofit organization, it is very important to choose a platform with as much baked-in security as possible, as your IT and web developer budget is likely to be rather slim. WordPress is a good choice of platform, balancing flexibility, ease of use, massive worldwide adoption, and a high level of security.
Have your web developer address as many of the issues listed below as possible when your site is built, and ask them to update your software and your systems frequently to take advantage of the latest protection.
Why is this important?
Staying up-to-date is an important goal, but we realize how hard this can be for website owners day to day. Whether you’re hosting an informational site about your nonprofit organization, accepting online donations, or running a full-fledged e-commerce setup on your site, WordPress security is paramount. A hacked WordPress site can cause serious damage to your nonprofit’s revenue and reputation. Hackers can steal user information and passwords, install malicious software, and even distribute malware to your users. That said, websites are complex beings, and as nonprofit tech leaders, we have 150 different things going at any given time, so sometimes it’s difficult to apply the changes quickly.
What can be done to keep your site secure?
Many of the solutions are very technical and may require your web developer’s assistance. But here is a good list to start with:
- Don’t use admin as a username
- Use a less common password
- Add Two-Factor Authentication
- Employ Least Privilege principles
- Hide wp-config.php and .htaccess
- Use WordPress security keys for authentication
- Disable file editing
- Limit login attempts
- Be selective with XML-RPC
- Hosting & WordPress security
- Stay up-to-date
- Choose the best WordPress security plugins & themes
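Three of the items above (hiding wp-config.php and .htaccess, security keys, and disabling file editing) can be checked straight from the site's files. The script below is an example added here, not code from the original article: it audits the text of a wp-config.php and an Apache .htaccess. The function names, the 32-character key threshold, and the sample inputs are assumptions made for the example, and only `<Files>` blocks are recognized.

```python
import re

SECRETS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
           "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
MIN_LEN = 32  # minimum key length; a threshold assumed for this example
DEFINE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)""")
DENY = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$", re.I | re.M)

def live_lines(text, markers):
    """Drop whole-line comments so commented-out settings are not counted."""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith(markers))

def parse_defines(wp_config):
    """Map each define()'d constant name to its value as written in the file."""
    found = DEFINE.findall(live_lines(wp_config, ("//", "#")))
    return {name: sq or dq or bare for name, sq, dq, bare in found}

def file_denied(htaccess, filename):
    """True if a <Files filename> block contains a deny-all directive."""
    block = re.compile(r'<Files\s+"?' + re.escape(filename) + r'"?\s*>(.*?)</Files>', re.I | re.S)
    return any(DENY.search(body) for body in block.findall(live_lines(htaccess, ("#",))))

def audit(wp_config, htaccess):
    """Return a list of findings; an empty list means every check passed."""
    d, findings = parse_defines(wp_config), []
    if d.get("DISALLOW_FILE_EDIT", "").lower() not in ("true", "1"):
        findings.append("file editing enabled: DISALLOW_FILE_EDIT is not true")
    for name in SECRETS:
        value = d.get(name, "")
        if value == PLACEHOLDER or len(value) < MIN_LEN:
            findings.append(f"weak or missing security key: {name}")
    for fname in ("wp-config.php", ".htaccess"):
        if not file_denied(htaccess, fname):
            findings.append(f"no deny rule for {fname} in .htaccess")
    return findings

# Constructed sample inputs (not taken from any real site).
WEAK_CONFIG = "define('AUTH_KEY', 'put your unique phrase here');\n// define('DISALLOW_FILE_EDIT', true);\n"
HARD_CONFIG = "define('DISALLOW_FILE_EDIT', true);\n" + "".join(
    f"define('{n}', '{(n + '-constructed-') * 3}');\n" for n in SECRETS)
HARD_HTACCESS = "".join(
    f"<Files {name}>\n  Require all denied\n</Files>\n" for name in ("wp-config.php", ".htaccess"))

if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG, ""):
        print(finding)
```

An empty result from `audit()` only covers these three checklist items; the remaining items (usernames, passwords, two-factor authentication, login limits, XML-RPC, updates) still need to be reviewed separately.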
Contact us anytime if you have questions about website security. We’re here to help!