These days, your organization’s website is one of the most powerful tools for helping people discover you, connect with you, utilize your services, join you in your advocacy work, or become a donor, member, or volunteer. And yet, many nonprofits haven’t documented the basic information needed when something catastrophic happens to their website–or to help protect against this happening in the first place! This checklist provides a helpful starting place.
Domain Registration
Your domain is the address you share publicly with people so they can find and visit your website. Often, it’s some variation of YourNonprofitName.org. In the case of the website you’re viewing now, it’s connectforimpact.com.
Domains are typically renewed every year. Sometimes the renewal is included in your web hosting costs, and in other cases it’s paid to a different company known as your domain registrar. Annual registration fees are usually less than $20/year, although they can be higher.
If your domain registration expires, you will lose ownership of the domain and your website and any email accounts associated with it will stop working. There is typically a small window of time after a domain registration expires that you can still renew it. If you miss that grace period, you may be unable to regain access to the domain and will have to purchase a new domain to use for your website and email.
What you need to know:
- DOMAIN(s): a list of what domain names you own
- REGISTRAR: the company your domain is registered with
- LOGIN CREDENTIALS: the username and password needed to access your account
- RENEWAL SETTINGS:
- is your domain set-up to automatically-renew each year?
- what (if any) payment type is on file?
- what email address is associated with your account? <– this is how you’ll be notified when your domain is about to expire or if its annual renewal fails
If you don’t already have this information captured somewhere easy to find, check with whomever helped set-up or manage the website. Next, check with the company you pay for web hosting (see below for more information). Certain details are also discoverable via the ICANN registration data lookup tool.
Web Hosting
There was a time when many organizations stored their website files on a private server. These days, most small to medium-sized nonprofits store their websites on shared hosting plans through providers like GoDaddy, HostGator, BlueHost, SiteGround, etc., or through an individual or company contracted for web management services (in the latter case, they are often reselling web hosting provided by the companies listed above through their small business).
In some cases, the software you choose to power your website is also your web host–these bundled content-management-plus-hosting options are known as website builders and a few examples are listed in the next section on Content Management Systems.
If your web hosting service lapses, then all the content files stored on your account–web page text, images, documents people can download, web forms, etc.–will no longer be available when someone visits your website. In other words, your website will appear to be ‘down’ or ‘broken’ to anyone who visits your website.
As with lapsed domain registrations, sometimes there is a brief grace period during which your content can be recovered and restored, but eventually it will be deleted and lost forever (unless you’ve saved copies elsewhere).
What you need to know:
- WEB HOST: who you pay to store the files and content that make up your website
- LOGIN CREDENTIALS: the username and password needed to access your web hosting account
- RENEWAL SETTINGS:
- what is your payment period? this could be monthly, quarterly, semi-annually, annually, or even multiple-year periods
- is your web hosting set-up to auto-renew?
- what (if any) payment type is on file?
- what email address is associated with your account? <– this is how you’ll be notified when your hosting is about to expire or if its periodic renewal fails
Content Management System
A Content Management System (CMS) is software that makes it possible to create, manage, and modify content on a website without extensive technical knowledge (e.g., programming, coding, etc.). Examples of CMS software used by nonprofits include:
There are also tools known as website builders that essentially combine your content management and web hosting through a single service. A few popular examples include:
Failure to keep your CMS software updated can lead to security vulnerabilities and also cause your site to become unstable and more likely to crash or stop functioning as expected.
What you need to know:
- YOUR CMS: the software system used to build, manage, and update the pages on your website
- CMS SOFTWARE LICENSE:
- LOGIN CREDENTIALS: the username and password used to access your website’s administrative dashboard
- SOFTWARE UPDATES: These updates typically include improvements to functionality as well as security enhancements. Is there a cost to maintain a software license to ensure continued access to software updates? If so:
- what are the terms + cost to keep your CMS software current?
- is your software license set-up to auto-renew?
- what (if any) payment type is on file?
- what email address is associated with your account? <– this is how you’ll be notified when your current software license is about to expire or if its renewal fails
User Accounts
Depending on the CMS you use, you may have the ability to create multiple user accounts with varying level of access to make updates to your website’s content.
It’s important to keep track of ALL the user accounts you create so that you can revoke access from users who are no longer affiliated with your organization–whether they be employees, contractors, or even volunteers.
Unused user accounts, especially those with full admin access, also create additional access points for hackers. (It’s also important to enforce the use of strong passwords by all users, but that’s a topic for another day!)
What you need to know:
- CMS USER ACCOUNTS: keep a list of all user accounts created for your website’s admin dashboard, including:
- login credentials – individual users may be able to create their own passwords, but you should know (and control) who each account is assigned to, their username, the email address associated with the user account, and additional contact information like a phone number or alternate email address to reach them
Back-ups
A website back-up prevents data loss when something happens to cause your website to break down; it should include a copy of all of your website’s files, content, media, and databases.
Having a back-up of your website ensures that if something catastrophic ever happens—whether it be due to human error, hacking, or a problematic software update—you’ll be able to restore your website and limit the time, worry, and expense involved in getting it back up and running.
The good news is that it is generally pretty simple to automate back ups through online services provided by your web host, or software plugins that can be added to your CMS.
What you need to know:
- ARE BACK-UPS ENABLED?
- Do you have a system set-up to periodically save and store a current copy of all the files that power your site?
- If so, have you documented what to do if you need to use a back-up to restore your website if it ‘goes down’ or ‘breaks’?
- What frequency are back-ups being captured–e.g., daily, weekly, monthly, annually? Is this frequent enough to ensure against significant data or content loss if your website crashed today? For example, if you are adding new content to your website daily, then you would want your back-ups to be daily and not monthly or annually
If you’re unsure where to start, then check with your web host first to find out whether they include website back-ups in your plan or as an add-on service. Most web hosts offer this, but you may need to pay an additional fee, upgrade your service plan, and/or take steps to schedule or activate the back-up service.
Security software
Most websites are under constant attack by hackers and bots attempting to login to your site, infect it with malware, bombard you with spammy comments, or steal any sensitive data you collect through your website.
Security software adds safeguards to your website to reduce its vulnerability to threats. Most will also run periodic scans to detect any new vulnerabilities and alert you when there are actions you need to take to protect your website.
Like website back-ups, security scanning can usually be set-up through your web host, a third-party cloud based security provider, or a software specific to your content management system.
What you need to know:
- ARE YOU USING ANY SECURITY TOOLS? Determine whether you have enabled any security software on your website, or through your web host or a third-party service provider
- If not: investigate your options! Do a web search for security tools that work with your CMS and/or contact your web host to see what options they may offer
- If so: document what security tool is activated and document whether there are any additional costs, payment information, and/or user accounts
Use the checklist!
This handy checklist was designed to help you collect all of the information described in this post. In some cases, you may find that you need to take action to add protections to your website (e.g., back-up service, security scanning, etc.).
Most importantly, however, is to be sure to keep this information updated over time. You may find it helpful to put a reminder on your calendar to review this checklist once or twice a year to ensure it is still up-to-date.
This small investment of time and attention will provide you with the peace of mind that you have everything you need to respond if something goes wrong with your website.
If you have additional thoughts or tips to share, or if you found this post helpful, please be sure to comment below!
Want more resources like this delivered straight to your inbox? Click here to keep in touch.
Thoughts? Share them here: