3 Reasons to Prevent Your Nonprofit WordPress Website from Getting Hacked
July 17, 2019
If you’re part of a busy nonprofit communications team, your WordPress website updates probably aren't high on the priority list - but they should be.
It’s hard to stay on top of the site maintenance but in the back of your mind, you know it needs to be done.
You can’t seem to move forward:
- Day-to-day operations take up most of your time like managing the board, volunteers, fundraising, budgeting, and marketing.
- Members of your team also don’t feel comfortable updating your WordPress site without breaking it.
- The website isn’t on your board’s radar because they don’t understand why website security is important.
Everyone thinks not a problem to push updates off for a few more weeks.
But while your site gets left in the dark every month, a hidden security risk grows.
It’s a matter of time before your website gets hacked.
Does this sound like a familiar situation with your organization?
In this article, you’re going to learning three reasons why your nonprofit’s WordPress website security matters and why it’s important to reduce the risk of a hack from happening in the first place.
1. Your website is an investment that’s worth protecting
When it comes to your nonprofit’s website, it’s probably the most important tool your communications team uses every day for digital marketing.
Your team spends a lot of time, energy, and resources making sure it communicates well, is easy to use, and users find what they want.
Your website serves multiple purposes for your organization’s needs, it:
- Generates interest and increases engagement with your audiences
- Connects people to your mission and programs
- Provides ways for donors, volunteers, and new people to learn about what you do and support why your work matters
- Lets you share advocacy, news, and inspires supporters to attend your events
The last thing you want added to your list is trying to figure out how to fix a site that’s been suddenly hijacked or taken offline.
It’s important to provide a positive, reliable, and consistent experience for your online audience. It builds trust and loyalty.
Happy fans will share your website with their friends and constituents which helps increase your reach.
Security is not a singular event or action, but rather a series of actions. It begins with good posture and the responsibility begins and ends with you.
~ Tony Perez, Sucuri Security
2. Your website’s visitor data is gold to hackers
When a visitor makes a donation, becomes a member, or registers for paid events on your website, they will be sharing their Personally Identifiable Information (PII).
If you’re using Give, Classy, Salesforce, Salsa, or WooCommerce forms on your site, this information will be submitted through WordPress during the payment process.
Examples of PII your website will collect:
- First and last name
- Email address
- Phone number
- Home and billing address
- Credit card information
Making the mistake of not updating plugins, backing up files, changing usernames, using strong passwords, or investing in premium web hosting as a priority will open your WordPress website’s doors for attackers to easily gain access to this personal data.
User data is gold on the dark web
To a hacker, your website’s visitor data that’s being collected is very valuable. If they can steal it and store the PII off-site, it can be sold in bulk for high dollar on the “dark web”.
The dark web a part of the internet that you can only access with a special web browser called Tor which completely hides your identity.
Search engines can’t find it and half of the sites have criminal activity like being able to buy stolen credit card numbers, usernames, and passwords. You can even hire a hacker to break into a website.
This is another reason why strong WordPress security practices should on your “must have” list during to reduce the risk of identity theft as much as possible.
3. Getting your website hacked is an expensive problem
If your nonprofit WordPress website gets hacked, it can be a very time-consuming emotionally draining experience.
You feel violated, worried, and it can be really difficult to know where to start.
The time, energy, and resources you spent on your investment will go into trying to fix the security risk that could have been prevented in the first place.
Five types of breaches that can happen:
- 1. Your home page is hijacked and replaced
- 2. Your site may go offline for days to months
- 3. Pages, posts, plugins, and themes are deleted
- 4. User accounts and passwords are compromised
- 5. Donor and member user data are stolen
Getting hacked can be an expensive problem because of long-term ramifications.
Depending on the hacker’s motives for breaking into your site, they could make you pay a hefty ransom to bring your website back online. Today’s norm is $10K.
Even if you pay a ransom to get your WordPress site and files back, there’s no way to guarantee the files haven’t been permanently compromised.
You’d also lose trust with your donors and constituents because they wouldn’t feel safe coming back to your website.
Nonprofit attacks are on the rise
Cyber-scams are becoming more common for nonprofits worldwide and many organizations are largely unprotected from online threats.
Just in the last few years, these incidents happened:
- Save the Children - two years ago, a major international organization was email scammed by a hacker posing as a staff member into transferring $997,400 to a fraudulent business in Japan.
- Utah Food Bank - their website’s got hacked and 10,000 visitors who donated online lost their personal information to identity thieves: name, address, and credit card information.
- Red Barn - got their site hacked as part of a server-wide attack during a fundraising event. The hack was so bad the organization had to remove their website, purchase a new domain name, and rebuild from scratch.
Prevention is the key to strong WordPress security
When it comes to your nonprofit’s WordPress website, reducing the risk of getting hacked should be your top priority to protect your donor data and keep important files safe.
No one should have to go through getting their website compromised with user data being stolen and sold on the dark web.
Here’s a recap of what we covered:
#1: Your website is an investment and the time, energy, and resources spent on it are worth protecting.
#2: Your website’s visitor data is gold to hackers that needs to be protected from hackers wanting to steal and sell it on the dark web.
#3: Getting your website hacked can be an expensive and long-term problem that will affect trust with your donors.
Remember that you want to keep attacks from happening on your nonprofit’s WordPress website from the first place.
Tip: take a step today to keep your organization moving forward because the time, energy, and resources you’ve put into your organization's website is worth it.
By Chuck Spidell, the Nonprofit WordPress Security Expert who helps communications teams free up their time and lock down WordPress from getting hacked.