Wild Apricot Blog

View: Tags | Archives

When Nonprofit Websites Go Bad

Lori Halley 16 November 2009 4 comments

I’ve just visited more than 100 nonprofit websites, checking links to update a major resource list that helps those organizations to get more public attention and support. But 3% of those nonprofit websites just got crossed off the list. They’ve been hacked. The sites are infected with malicious software. And the nonprofits don't even know it.

website security warning

Depending on the nature of the infection, simply viewing a hacked website has the potential to infect a visitor’s computer with malware — and that's a visitor relationship disaster that any nonprofit organization will find it mighty hard to recover from!

What’s a nice Nonprofit org like you doing with malware on your website?

Sadly, it’s a fair bet that the nonprofits involved have no idea their site security has been compromised. After all, if you think about a typical busy week in a small, busy, understaffed nonprofit office:

  • How often do you visit your own website?
  • How often do you search for your website in the search engines and click through from a search result, instead of typing the URL straight into your browser?
  • How often do you scrutinize your website analytics? And I’m not talking about a quick peek at the traffic trends here, but an indepth look for unusual patterns in your stats. In some cases, only a couple of pages on a site may be infected, in which case you may see a sudden drop in traffic to those pages; or you may find that your login page has been getting hits from an unauthorized source; or... anything out of the ordinary will bear a close look.

Not all browsers will detect all infections, and not all of your website visitors will be reliable about installing anti-virus and anti-malware software on their computers and keeping it up to date. As a website publisher, your organization has an obligation to try to keep your site safe for visitors, and it only makes good practical sense, too.

You know how fast a piece of bad news — like “That nonprofit site gave me a virus!”  — can spread online!

red icon - Norton security warningQuick Free Website Security Checks

There are a couple of things you can do to make sure your website is safe for visitors to access.  To begin with — and this takes only a quick minute — check to see what anti-virus and anti-malware software providers have to say about your site.

Both sites will give simple clear information about the status of your website, no special technical knowledge required and almost no techie talk to decode. The green icon means OK, your site has tested safe. The red X icon means you've got trouble. Simple as that.

Keep It Clean!

If your website is clean and free of security threats, let’s keep it that way:

  • Make your passwords hard to guess, keep them private and secure, and  change them frequently.
  • Give volunteers and members only the site / administration privileges that they absolutely positively need to have in order use your website.

Assuming that your passwords are kept secure, the biggest security risk for a website owner will normally be running a site on outdated or vulnerable software.

Remember, if you’re self-hosting your website (and/or blog, and/or discussion forum), it’s vital to keep your website software up-to-date with the latest version. That includes all security patches and the latest version of any plugins or add-ons you’re using — install those updates as promptly as possible whenever a new version is released.  And it should go without saying, install only those third-party widgets and plugins in whose author you have full confidence.

Does all that website housekeeping sound like a major hassle?

Sure it does.

But we’re living in a time when more and more personal, valuable information is kept on our computers or in the cloud — and anyone can buy a nasty password-stealing malware script on the Internet for $25. Just think about it.

And while you do that, I’ll be trying to track down contact info for some small nonprofits who have no idea their websites have been hacked!

Lori Halley [Engaging Apricot] Lori Halley [Engaging Apricot]

Posted by Lori Halley [Engaging Apricot]

Published Monday, 16 November 2009 at 3:30 PM


  • Twitter Trackbacks for Wild Apricot Blog : When Nonprofit Websites Go Bad [wildapricot.com] on Topsy.com  said:

    Monday, 16 November 2009 at 7:36 AM
  • uberVU - social comments said:

    Monday, 16 November 2009 at 7:54 AM

    This post was mentioned on Twitter by TACS_NPower: RT @nptechblogs: Wild Apricot Blog: When Nonprofit Websites Go Bad http://bit.ly/1aLPCm

  • Sonia Simone said:

    Tuesday, 27 July 2010 at 8:05 AM

    There's a *lot* of hacking going on right now.

    When my site got hacked, securi.net was a really excellent service to a) get it fixed (there are tons of sneaky little back door things the bad guys leave so they can come hack you again after you fix it), and b) monitor the site multiple times every day to make sure nothing else bad happens. I really recommend them. No affiliation, of course. :)

  • Lori Halley [Engaging Apricot] Lori Halley [Engaging Apricot]

    Lori Halley [Engaging Apricot] said:

    Tuesday, 27 July 2010 at 8:37 AM

    These attacks seem to come in cycles, don't they, Sonia? - like the flu! I've been coming across another rash of infected sites lately, and hearing from an increasing number of people whose sites have been hacked. It can (and does) happen to anyone... Thanks very much for the tip on @sucuri_security - good to have a referral from a trusted source, to know where to go for help in fighting the bad guys.

Sorry, this blog post is closed for further comments.

Search: WildApricot.com 

About results ( seconds) Sort by: 
Sorry, an error occured when performing search.
Scroll to top