How to fix and prevent church website hackings

When you hear the sentence, “The woodcutter hacked down the tree”, what image comes to your mind?

Most likely, NOT a swift, clean cut. More like a series of heavy, rough blows that basically make a mess of the job.

So, if someone hacked into your church’s website, you can imagine the damage they are likely to cause.

By definition, ‘computer hacking’ is when someone unauthorized to do so gains access to your computer website.

We are not speaking about normal entry to your website as an Internet surfer, reading your blogs, watching your sermon videos. We are speaking about someone who enters your website as an unauthorized ‘administrator’ with the ability to make changes to the material found on, and functioning of, your website. While this unauthorized entry can be done manually by the hacker, it is more likely to happen via an automated process that the hacker has set up.

If you are like most people, you don’t have the first clue about hacking. This lack of knowledge should not lull you into believing that it cannot happen to your church’s website.

Also, size is not a factor. A few of the churches I partner with, like my church, were hacked at one time or another. To date, churches that have moved over to our platform have not been hacked. This is because our platform, by following a specific set of best practices, has a lower risk of being hacked.

Sucuri FREE SiteCheck

(Keep reading, our set of best practices is listed below…)

So, why would a hacker hack into your church website?

Ideology: Don’t like a site’s content or message? Remove it.

Free resources: Why pay for a website when you can use someone else’s for nothing?

SEO ratings: By using your website to post their web pages and/or links, hackers can improve their search engine ratings, driving more traffic to their malicious sites.

Ransom: Hackers demand money or else they will destroy your website, including valuable company data.

If you would like to hear about hacking in more detail, try this. If you would like to find out more about how hackers hack, this link is good.

And hacking is on the rise. Data from the UK indicates that in 2015, almost 75% of small businesses (percentage up from previous years) had some kind of security issue.

Interested in how much hacking costs the economy? The annual estimate for the US is $100bn. Big business!

But what’s the problem? Why is hacking so bad for churches? Money issues aside, ‘reputation, reputation, reputation’.

Think of your website as you, greeting worshipers at the entrance of your church. Behind you are looped videos of ‘lightly clothed’ young women performing ‘interesting’ physical acts. Perhaps instead of arriving at your website, users are automatically redirected to a Viagra website. Or there is no one at the entrance at all.

What does this say about the church and the people who run it? Forget not reading blogs or watching sermons – there is little chance of people feeling confident to pay such a church an online tithe.

This actually happened at my church. During one hack, one of the members saw pornographic material linked to our website. As a result, a few months later, another member, who had heard the story, told the pastor they could not pay their tithes and offerings online.

Now, this rather traditional church understood that they needed to change their tactics. They moved from a free service to our premium platform which is highly resistant to hacking. We gave them a generous price discount to ease their transition.

Fair or not, Internet surfers who find a website that ‘turns them off’ or is ‘turned off’, almost never visit that website again.

So, it is obvious that all church websites need to take steps to reduce their chances of being hacked.

Here are some ways to do that with your existing website…

Own your domain name. When you are the owner, you will have ready access to your website for a quick ‘shut down’ if attacked.

Back things up. ‘Back up’ means saving daily copies of your website pages and data. In the event of a hack, your website will use its backups to quickly return to an uncorrupted version.

Educate your tech team. Many people have weak passwords which are easily found. Your church website tech team should be taught how to create strong passwords and how to keep them safe. Software such as and 1Password can help.

Create a ‘hacked action plan’. Similar to an evacuation plan (what to do in case of fire or other emergency), your church tech team needs a plan in case of a website hacking. Do they temporarily close the website? Do they call the hosting company? What if they can’t get through to that hosting company?

Less is safer. Many people feel that the more ‘stuff’ on a website, the better it is. We’re not sure. What we do know is that every add-on or plugin is a potential ‘doorway’ for a hacker. When adding something, look at the complete picture, considering value vs. risk.

Keep it current. Outdated software is a hacker’s dream come true. Routinely update your system and all its components.

Hire professional guards. Reputable companies such as Sucuri monitor, analyze, and clean up websites so that they are less vulnerable to hacking. If a hack does occur, they take immediate steps to minimize any damage.

Building a new website or seriously revamping an existing one? Consider the following:

  1. Will your website be on premium hosting that is specific to the platform it is built around, including optimized cloud hosting?
  2. Will the site coding and programming be optimized?
  3. Will existing plugins be accurately evaluated, with new plugins created as needed to improve security?
  4. Will there be daily website backups?
  5. Will there be a security framework for multi-user access with role management?
  6. Will there be a stream-view plugin so website administrators can see who did what?
  7. Will there be clear but evolving internal security policies?
  8. To enhance security, will all domain names as well as all TLDs (Top Level Domain) be the church’s own name? (Note: the TLD is the part of the Internet Domain Name which tells “the type of entity owning or sponsoring the address, or the country in which the address is located”.)


No website is 100% hack free. However, a properly constructed and maintained website means that the risk of a hack is low, and serious damage from a rare hack is even lower.

We recommend starting this week by going over the recommended steps above. If you want to get more information about why security and performance matter, you can download our free ebook. Our ebook will also give you some ideas about how to improve your digital strategy. Love to hear from you – add a comment or question in the comment section below.