Securing your Website

Apr 10, 2013 | Blog, Website Security

A trusted website such as your nonprofit’s is the last place from which you’d expect visitors to get a virus. After all, it’s your website, and your organization built it (or relied on a volunteer to build it or paid a trusted individual or firm to build it). Why shouldn’t you and your visitors trust it?

Your website is probably more vulnerable to malicious attacks and to being hacked than you are aware. In an earlier blog post, I explained the difference between dynamic and static websites. More website owners than ever before are converting their websites into a dynamic format, which relies on a database backend. Dynamic websites often incorporate an editor that a website owner can use to update content through the web browser. As explained in the earlier blog post, examples of dynamic websites include sites that run on “Content Management Systems” (CMSs) such as WordPress or Drupal. Our website (Barred Owl Web) runs on WordPress.

The ability for someone to do more with less technical know-how brings potential vulnerabilities one may not be aware of. Because WordPress and Drupal (and other CMSs) are used by so many website owners, and because they are complex systems, it is no wonder bugs and security vulnerabilities are found.

As of this writing, if you visit the National Vulnerability Database and search for either “WordPress” or “Drupal”, you will see 492 and 626 results, respectively. Granted, many of these are either very old or irrelevant. But the fact remains that many vulnerabilities do exist in many shapes & sizes, and website owners must be vigilant about taking steps to protect their websites.

Here are just a couple of steps you can take to protect your website from would-be hackers:

Always keep your website code up-to-date.

This is probably the most important step you can take to keep your website secure. Maintainers of Content Management Systems are constantly updating and revising code, implementing bug fixes, and addressing security concerns. The vast majority of websites are hacked because their owners fail to update the CMS code when updates are made available. This is extremely important because not only do vulnerabilities exist in outdated code, but those vulnerabilities are also made public, so an attacker who wanted to hack your website would only have to use an exploit that is already publicly available.

Use HTTPS.

Most web traffic that flows to and from a user’s computer is unencrypted. A person who gains access to any part of the connection between a user and a website (either legitimately, such as a network administrator, or illegitimately, such as a hacker) can very easily see the user’s activity – what pages they visit, what information they submit, etc.

Think of it this way: You write a letter to your best friend and put it into the mail. If it was on a postcard that you did not put into an envelope, then any mail carrier along the way would be able to read what you wrote. However, if you put the letter into an envelope, then no one would be able to read what you wrote (without tampering with the envelope). HTTPS adds a layer of encryption to your web traffic so it is much harder for would-be attackers to “sniff” and read information you send and receive from a website, including usernames and passwords (Note that I did not use the word “impossible” here – it is still very possible, with the right tools and know-how, to break HTTPS encryption).

“HTTPS” connections require an SSL certificate, which can cost as little as $15 per year. Implementing SSL is not hard or complicated for a web developer. If possible, you should ALWAYS use SSL (HTTPS) communication when you log in to your website and make changes to it.
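
To check whether a login page actually follows this advice, here is an added example (not code from the original post). Given a saved copy of the page and its `Set-Cookie` headers, it reports a login page served over plain HTTP, a password form that submits over plain HTTP, and, going slightly beyond the text, cookies missing the `Secure` flag. The names `LoginForms` and `audit_login_page`, the host `example.org`, and the sample data are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginForms(HTMLParser):
    """Collect the action of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self.actions = []      # actions of forms holding a password input
        self._action = None    # action of the form currently being parsed
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action, self._has_password = a.get("action") or "", False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_password:
                self.actions.append(self._action)
            self._action = None

def audit_login_page(page_url, html, set_cookie_headers):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if urlparse(page_url).scheme != "https":
        findings.append("login page served over plain HTTP")
    parser = LoginForms()
    parser.feed(html)
    for action in parser.actions:
        target = urljoin(page_url, action)  # empty action posts to the page itself
        if urlparse(target).scheme != "https":
            findings.append(f"password form posts to {target}")
    for header in set_cookie_headers:
        name, *attrs = [part.strip() for part in header.split(";")]
        if "secure" not in [a.lower() for a in attrs]:
            findings.append(f"cookie without Secure flag: {name.split('=')[0]}")
    return findings

# Constructed sample: a WordPress-style login page fetched over plain HTTP.
SAMPLE_URL = "http://example.org/wp-login.php"
SAMPLE_HTML = '<form action="/wp-login.php"><input type="password" name="pwd"></form>'
SAMPLE_COOKIES = ["session=abc123; path=/; HttpOnly"]

if __name__ == "__main__":
    print("\n".join(audit_login_page(SAMPLE_URL, SAMPLE_HTML, SAMPLE_COOKIES)))
```

A relative form action inherits the scheme of the page it sits on, which is why the same markup passes when the page itself is loaded over HTTPS.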


Millions of people have malicious intent on the internet, and it is your responsibility to keep your own website safe. You should always keep your website code up-to-date, and if possible, you should use HTTPS. By following just these two suggestions, you will reduce the likelihood that your website gets hacked.
