SmartCause Digital

A Beginner’s Guide to Nonprofit Website Security

May 2, 2017


Tell me if this is true for you:

You know that if you had a little more tech knowledge in your toolbox, you’d be able to…

  • work faster,
  • troubleshoot on your own or
  • choose the best solution.

You’re in good company.

Most of us don’t have formal training in websites. (My degree is in political science.)

We’re just teaching ourselves what we can, when we can, as best we can.

I’m here to help you learn the tech skills that can help you work faster, troubleshoot on your own or choose the best solution.

In today’s resource, I’m teaching you core principles that you need to understand about website security.


Thou shall transmit thy data securely

Search engines, content management systems and social media platforms all want your website to use HTTPS.

In a couple of years, you won’t even have a choice. Your website will have to be HTTPS.

What’s HTTPS? It’s a method of transmitting information to/from your website users via a secure connection.

For example, if I enter my name and email address to subscribe to your email list, my information will be transmitted securely if your website uses HTTPS.

Start here: Your website is not finished. You forgot HTTPS. →


Thou shall keep thy software updated

Keeping your website software updated feels kinda like brushing your teeth - tedious.

It’s also the best way to avoid both small tech headaches, like forms that stop working, and large tech headaches, like a hacked site.

Learn the why and the how: A Guide for Accidental Techies: Updating Website Software →


Thou shall choose a high-quality web host

Most of the “Oh no, our website is down/hacked” emergencies that I’ve come across with nonprofits were caused by a low quality host.

Investing in a good web host can feel like a burden, but believe me, a good web host will save you and your organization when an emergency arises.

My recommendations for choosing a web host: The One Website Cost Your Organization Can’t Afford to Skimp On →


Thou shall have a strong password

What makes password “strong”?

  • Lots of characters, usually more than 8, but I aim for more than 12
  • Includes a combination of uppercase, lowercase, numbers, symbols
  • Changes every 3 to 6 months

Need help getting started with a strong password? Here’s the recipe I like to use over at


Thou shall not share thy login information

If you have a tangle of user accounts and permission levels for your website, you’re not alone. Many nonprofits are in the same boat.

Keep your setup tidy by following these three guidelines:

  • Every user has her own account...
  • With just the permissions she needs, and no more
  • Close accounts promptly when staff/interns/volunteers leave


Thou shall have a backup

Even the most seasoned web professionals have a safety net - a backup of the website.

Do you have an automated backup system in place for your website?

If not, watch my tutorial for WordPress websites: Learn How to Backup Your Website →


Thou shall subscribe to SmartCause Digital email updates

Ready to add digital skills to your resumé? Make sure you’re subscribed to SmartCause Digital Updates. You’ll receive helpful resources, just like this one, to help you transform your website and transform your career.


Did you find this article useful? Subscribe to SmartCause updates to receive a free helpful resource every week

About the Author

Yesenia SoteloYesenia Sotelo is a digital skills trainer and web developer.

I'm grateful to have led trainings & presentations for these nonprofit thought leaders

Nonprofit thoughtleaders

I'm proud to be a member of each of these nonprofit teams

World's best nonprofit clients