The care and feeding of open source CMS websites

A congregation seeking to build its first website or to upgrade an existing one has a wide range of choices. There is traditional HTML with editors such as Dreamweaver and Visual Studio, in-the-cloud platforms like Weebly and Google, and the now-popular “open source” applications.

WordPress, Joomla and Drupal are open source content management system (CMS) platforms used by millions of websites, large and small, throughout the world. CNN and Forbes use WordPress, Harvard uses Joomla, and the White House uses Drupal. The Diocese of Newark’s site is built on the Drupal platform, as are the congregations in the diocesan Church Website Project.

“Open source” means that the software is developed and maintained by a community of users; it is free to download and is continually being improved by the community for new applications. But because it is open source, with the code available to everyone, the sites that use the platform are vulnerable to hackers who search for “bugs” in the code. Once a bug is found, there is a race for the hackers to exploit it for malicious ends before the community discovers the problem and develops a “fix.”

In most cases users of open source software upload the platform to their ISP’s hosting space, so guarding against hacking – what I’m calling the care and feeding of the open source – is a major concern. Hacks take many forms – your home page could be replaced with salacious images or used to redirect visitors to a porn site. Links could be modified to download spyware or malware designed to take over your computer. You could be locked out of your own site. In the worst-case scenario, if a site is badly infected by malicious code inserted by the hackers, its webhost may take the site completely offline until it is thoroughly cleaned up.

Some preventative measures are simple: the default user login is often “admin.” Change that to something else and make sure the password is long and strong. Other measures are given in detail in the links below.

All the experts agree: the best way to avoid such disasters is to keep the open source code updated. There are two kinds of updates: security fixes and updates with new features. As bugs are found and fixes created, users are sent notification that a security update is in order. Webmasters should apply security updates as quickly as possible.

For the Diocese of Newark site, “staff geeks” Nina Nicholson and Randy Johnson perform this task as soon as a security fix is announced. (Those sites hosted as part of the Church Website Project are updated by them as well – a distinct bonus for the congregation webmaster.) Updates that contain new features can be added later if the new feature is not immediately needed. Such updates need to be tested in a staging area to make sure the new feature(s) will not break the site, that is, cause certain features to stop functioning.

To sum this up, open source CMS platforms – inexpensive and relatively user-friendly – have many advocates, especially WordPress. They just need a little extra care.

See also:

14 Ways To Prevent Your WordPress Blog From Being Hacked

Joomla Security Tutorial

10 Simple steps to protect your Drupal site
