Church Website Security

Now more than ever, security impacts whether your church website will show up in Google Search results.

We can help make sure Google isn't penalizing your church website for security related issues.

Find Out More

Being HTTPS enabled isn’t enough!

Simply having an HTTPS enabled website isn’t sufficient. You need to make sure that your site follows specific practices so that Google Chrome and other browsers will mark your church website as secure lock

Steps Toward A Secure Website

Step 1: Obtain and Install an SSL Certificate to Enable HTTPS

The first step toward securing your church website is to obtain an SSL Certificate from a trusted provider. Doing this will enable HTTPS for your website, allowing the data transfer between you and your users to be securely encrypted.

As of July 2018, Google Chrome displays all websites operating over HTTP as not secure. Google’s search algorithm has provided ranking advantages for sites operating over HTTPS for some time. These practices are Google’s way of encouraging the web to operate securely all the time.


Step 2: Force Usage of HTTPS

Once your SSL Certificate is installed and your site is HTTPS enabled, it is wise to force the usage of the HTTPS protocol. This ensures that users who attempt to access the non-secure version of the site over HTTP are instead sent to the secure version of the site.

This is advantageous because it:

    • Ensures that users interact with your site securely regardless of how they made their way to your site. For example, old links to your website may point to the HTTP version of your site.
    • Converges traffic to a single protocol, allowing for a simple and complete analytics picture from the HTTPS version of the site.

Forcing HTTPS can be accomplished in various ways depending on the nature of your site. In some instances, this process may be fairly technical, but it is certainly worth undertaking.

Mixed Content

Step 3: Fix Mixed-Content Errors

The final, and often most time consuming, step in ensuring that browsers indicate that your church website is secure lock is to make sure there are no problems with mixed-content.

Each page on your website is made up of various components to produce the final result. Images, fonts, scripts, styles, and many more assets are likely to be referenced on just about every page of your website. However, if any page on your website is referencing an asset using HTTP as opposed to HTTPS, this page will not be displayed as secure.

You can see below how Chrome displays an HTTPS page with mixed content errors. There is no “secure” lock present, and the following text is displayed when you click on the icon that appears where the “secure” lock should be:

Repairing mixed-content errors can be a quite technical and time consuming process. The best way to go about it is typically to audit your site using a third party tool to locate where problems exist. Using those results, then make whatever adjustments are necessary to ensure the assets in question are being referenced using HTTPS.

We're Here To Help

If you require assistance securing your church website, Missional Marketing is here to help. We will perform the steps above that are applicable to your site, to ensure that all user interaction with your church website is performed securely.

Note that the price of this service does not include the cost of an SSL Certificate. However, with the advent of Let’s Encrypt, SSL Certificates can now often be obtained at no cost.

To get started, please book a call with us by selecting “Church Website Security” within the scheduler below. We look forward to speaking with you!