Synagogue security is always a concern to community leaders, and an important part of that preparation is cyber-security. Synagogues are responsible for keeping their online identity safe, so those responsible for the administration of their synagogue’s website should take appropriate steps to reduce the risk of something malicious happening to it.
The following are my recommendations, based on a list originally published by the Anti-Defamation League during Israel’s Operation Pillar of Defense in November 2012, that can help safeguard a synagogue’s website from attack:
Synagogue website security recommendations
- Use a professional hosting provider – The synagogue’s website should be hosted with a professional hosting provider and not on the institution’s, or a member’s, computer or network.
- Do regular backups – Are the website files backed up regularly? What about the database?
- Ask what security measures are in place – Synagogues should meet with their hosting provider to discuss what security precautions the hosting company uses to prevent malicious attacks and unauthorized access.
- Prepare a disaster recovery plan – This plan should the steps to take to restore the website; who should be contacted in the event something happens (including their contact information), as well as all account user IDs and passwords.
- Limit the number of people that have access – Synagogues should limit and control the number of people who have access to the website and the web server.
- Change passwords regularly – Stick to a regular schedule of updating the passwords used to access either the website or the web server.
- Make passwords adequately strong – New passwords should be sufficiently strong that someone can’t easily “guess” the password. You can make them strong by using a combination of uppercase and lowercase letters; numbers; and symbols.
- Know who has access – Account owners should be aware of who has access to the website and the web server. When using a content management system such as WordPress, this will be the users that are able to log into the dashboard.
- Don’t connect from a personal device – Users should be discouraged from accessing the website through devices such as smart phones and tablets, which can easily be stolen or lost.
WordPress-specific security precautions
- Install WordPress upgrades when they’re available – Not only will this help you take advantage of new developments in the WordPress dashboard, but it will also close a security loophole that exists when files become too out of date.
- Install plugin upgrades when they’re available – The same concept also applies to any plugins that you may be running on your synagogue’s WordPress website.
- Install security plugins– There are a variety of WordPress plugins available that will help secure a synagogue’s WordPress website. Popular ones include:
- Create a Google Webmaster Tools profile – This is useful for monitoring your website’s placement in search engine results, but it also lets you report any malicious activity that may have happened to your website.
If your synagogue’s website is hacked…
- Immediately contact the hosting company – Do this as soon as the incident is discovered. They will need to preserve a copy of the hacked page(s) and copies of all relevant server logs. The hacked page(s) need to be removed as soon as possible in case malware is involved and also to limit the hacker’s usual main objective – to gloat.
- Report the event to the police and FBI – This is especially important to do if the material left by hackers involves threats or hateful language. You can file a report by filling out this form.
- Restore the database and/or file backup(s) – Do so only after the hosting company or ISP acknowledges that the issues relating to the hack have been addressed.
Contact us with any questions
If you or someone from your synagogue has any questions on how to keep the synagogue’s website secure, contact us today and we would be glad to give you an answer.
Posted on December 4, 2012