Jan 22, 2025

Keeping your church website secure protects users and church administrators alike by keeping everyone’s information safe online. Learn more about cybersecurity and three simple ways you can make your church website more secure.

Get a Transport Layer Security (TLS) Certificate

You may have wondered what the difference is between a website with HTTPS at the beginning of its URL and a website with HTTP. The difference is that the former has implemented TLS. TLS is a cybersecurity protocol that encrypts data. This means that when data is transmitted across the internet to or from your device, it is encrypted, or scrambled, so that anyone else who intercepts that data gets an indecipherable mess instead of the data you are receiving or sending.

This is important because people deal with private information on the internet on a regular basis. Imagine entering your social security number into a website and it being intercepted by a hacker on the internet. That could lead to terrible consequences. TLS prevents this kind of interception while the data is in transit.

TLS also authenticates websites, meaning it ensures that the owners of the websites you’re accessing are who they say they are.

To use TLS on your church website, you must have a TLS certificate (sometimes referred to as an SSL certificate, after the name of an older cybersecurity protocol), which is issued to the owner of a domain by a certificate authority. Some popular certificate authorities include Let’s Encrypt, Comodo, DigiCert and GlobalSign.

Use Strong Passwords

While obtaining a TLS certificate is a step you need to take to protect users of your church website, there are a couple of steps you need to take to protect yourself too. One is using strong passwords for all logins related to your church website (this most likely includes the accounts for your content management system, domain registrar and any associated email addresses).

According to the Cybersecurity & Infrastructure Security Agency, passwords need to be long, random and unique:

  • Long: Make your password at least 16 characters long.
  • Random: Use a random series of mixed-case letters, numbers and symbols (you could use a password generator to do so), or create a memorable “passphrase” of four to seven unrelated words.
  • Unique: Use a different password for every account you access.

This will make it more difficult for hackers to access your church website by simply logging in. Make sure to store passwords securely using a tool such as a password manager. Some free password managers include NordPass, LogMeOnce, Proton Pass and Bitwarden.
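The long, random and unique criteria above can also be checked and applied with a short script. The following Python is an added example, not part of the original article; the sample word list and the function names are constructed for illustration.

```python
import math
import secrets
import string

MIN_LENGTH = 16  # the "Long" criterion
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
# Constructed sample list, far too small for real use (see the note below).
SAMPLE_WORDS = ["anchor", "biscuit", "candle", "dolphin", "ember", "fiddle",
                "garnet", "harbor", "island", "jigsaw", "kettle", "lantern",
                "meadow", "nutmeg", "orchard", "pebble"]

def random_password(length=MIN_LENGTH):
    """Random password containing lower case, upper case, a digit and a symbol."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:  # redraw until every character class is present
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw

def random_passphrase(words=SAMPLE_WORDS, count=5, sep="-"):
    """Passphrase of four to seven words, each drawn independently at random."""
    if not 4 <= count <= 7:
        raise ValueError("count must be between 4 and 7")
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(choices, picks):
    """Bits of entropy when each of `picks` items is drawn from `choices` options."""
    return picks * math.log2(choices)

def audit(accounts):
    """Return {account: [problems]} for passwords that are too short or reused."""
    owners = {}
    for name, pw in accounts.items():
        owners.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        problems = []
        if len(pw) < MIN_LENGTH:
            problems.append("too short")   # fails "Long"
        if len(owners[pw]) > 1:
            problems.append("reused")      # fails "Unique"
        if problems:
            report[name] = problems
    return report
```

`entropy_bits(94, 16)` is about 105 bits for a 16-character random password, while five words from the 16-word sample list give only 20 bits, which is why a passphrase should be drawn from a list of thousands of words.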

Restrict Administrative Privileges

In most content management systems, administrators of a website have the ability to add users who can then create their own credentials to access the site. Make sure you are selective about whom you give administrative privileges to. Or, if you have a lot of people whom you would like to have access to your church website’s back end, only give them permission to access the parts of the site they will be updating.

For example, your church’s pastor may need full access to everything on the website, but a volunteer whose only responsibility is to update your blog does not. Your administrator can limit that volunteer’s access to just the blog portion of the back end of the site.

 

The United Church of Christ offers UCC churches a program called UCC Everywhere (UCCE) that allows them to maintain state-of-the-art websites that meet the needs of today’s churches. For a monthly or annual subscription fee, participating churches get their own site along with other digital marketing tools and support to make sure their message is reaching faith-seekers in their community via the appropriate virtual channels.