Securing your Organization’s Website

You should get a TLS (SSL) certificate for your organization’s website if you don’t already have one. While the embedded portal to GivingTools is done over a secure connection, crackers can still perform a man-in-the-middle attack and steal donor information. Additionally, starting in July 2018, Chrome will label all sites as “Not Secure” unless you have a TLS certificate. This will be very bad for contributions when donors see a big red “Not Secure” warning on your website.

To combat this problem, we highly recommend our customers get a TLS certificate for their websites. In the past, certificates could cost an upwards of several hundred dollars per year. But since early 2016, Let’s Encrypt, a non-profit, has been providing free (really!) TLS certificates.

Your first step would be to talk to your hosting provider. Ask them if they provide free TLS certificates. Reputable providers that care about security will usually provide these for free. A list of providers that support Let’s Encrypt can be found here.

If your service provider doesn’t offer free TLS certificates, it may be possible to use Let’s Encrypt directly. We suggest you talk with your IT professional, if you have one. There are some great instructions over on their website.

If you don’t have an IT person, the third option would be to use Cloudflare. On Cloudflare’s free plan, they not only provide free TLS certificates, but they also provide free DDoS protection and many other benefits. Troy Hunt, a well-known security expert, has made a free guide on HTTPSIsEasy.com.

As usual, if you have any issues setting this up, don’t hesitate to contact us by email: support@givingtools.com