Our Commitment to Data Security
Our goal is to give our customers full control over their database, and tools to effectively manage this data. The use of a WordPress plugin to accomplish this goal has many advantages. The main advantages are eliminating the sale of the customer’s supporter data to email lists, reducing the number of application logins to complete daily tasks, and increasing donation page performance. The main disadvantage of the plugin option is that the nonprofit organization has to insure the privacy of the supporters in their database. To assure that they are successful in this endeavor, our software was created using coding best practices and we train our customers in data handling best practices. Our code base and training will mitigate our responsibility and help eliminate the possibility of a security breach or website hack.
Common exploits and the steps taken to prevent their use by intruders.
Prevent SQL Injections
- Sanitize user and application input to database.
- Parameterize query variables.
Prevent Broken Authentication
- Require organization admins to use strong passwords.
- Require organizations to limit access to the backend of their WordPress website.
- Require multi-factor authentication for admin logins.
Prevent Inadvertent Free Access to Donor Data
- All pages displaying donor information are inaccessible to users that are not logged in.
- All pages displaying donor information are hidden from search engines.
Prevent Access to Donor Credit Card Data
- All credit card data is handled by Stripe or PayPal through an encrypted iframe window.
- No donor credit card data is stored in the organization’s database.
Limit Vulnerabilities From Libraries, Frameworks, and Other Plugins
- Keep all software applications updated with the latest versions.
- Run vulnerability tests.
- Limit the number of external libraries used.
Prevent XSS (Cross-Site Scripting)
- Validate user input.
- Sanitize user input.
- Limit user input.
Any website on the internet, including a WordPress website, can be hacked. To reduce or eliminate this condition, website creators and administrators must use coding and data access best practices. Key security measures for any website include the use of strong passwords, multi-factor authorization, and regular vulnerability scans. Extra security measures recommended for a WordPress website include using plugins that are vetted, and making sure all plugins and the WordPress core are running the latest versions.