Accessibility Settings

color options

monochrome muted color dark

reading tools

isolation ruler



How to Protect Your Website on the Cheap

Adversaries of independent journalists are now using an electronic arsenal to attack news websites. Those adversaries can include agents of authoritarian governments, corrupt private companies or even criminal organizations. Their common interest is to silence independent voices and suppress any attempt to expose cases of corruption, negligence or human rights violations.

Those cyberattacks are costly — sometimes unaffordably so — for small online newsrooms that lack the resources to contract a cybersecurity firm or hire information security consultants. Without technical support, independent news websites are very vulnerable to these attacks.

It is difficult to protect your news website with a minimum of technical expertise. Unfortunately, not many journalists know what to do when their website is attacked. Developers, computer engineers and hackers are more familiar with security tech jargon than journalists. It would be terrific if journalism schools committed to adding cybersecurity as a subject in their academic curricula, but for now we have to accept the reality that we are not prepared to face cyberattacks.

If you’re a low-budget independent news site with few resources, you need to learn how to set up security parameters yourself or find technologists who can work pro-bono. The good news is that there are more than a few pro bono cybersecurity specialists willing to help journalists in distress, and newsrooms can take advantage of their offers to help:

  • You can request help from the Information Safety and Capacity Project, a nonprofit organization based in Washington, D.C. that provides technical assistance to online news publications. Newsrooms that publish in Arabic, Russian, Spanish or English can apply for information security training sessions.

  • You can also request help from a new organization called Security Without Borders, a collective of hackers and cybersecurity specialists who donate their time to help journalists and human rights activists in need of better online security.

  • Several years ago, Canadian nonprofit launched the Deflect platform, which aims to help news and human rights websites resolve Distributed Denial of Service Attacks (DDoS). These attacks overwhelm website servers with requests for access until the website collapses and becomes inaccessible. Signing up for Deflect is free, with services offered in multiple languages including Spanish, Arabic, Persian and Russian. Deflect also offers free hosting and security certificates for websites built with WordPress.

  • You can also request help from Google via its Google Shield Project, which aims to protect news websites and journalists from DDoS attacks.  The support is free for those who work in independent media and includes real-time analytics and security certificate support. You can sign up multiple websites in a single account.

In addition to support from those organizations, journalists should learn the basics in terms of what steps should be taken to prevent cyberattacks. You probably aren’t going to become a developer overnight, but it’s worth making an effort to learn the basics and be better prepared to request technical help when facing a DDoS attack. Some basic cybersecurity measures for media websites include the following:

  • Host your website on a dedicated server instead of a shared server. This will protect you from hackers who can use vulnerabilities on one website to attack another site hosted on the same server.

  • Get a security certificate and a unique IP address. (You can get those for free with Deflect or the Google Shield Project.) Security certificates encrypt the information that transit between your users’ browsers and your server, while a unique IP address gives your website increased stability.

  • Install web application firewalls on all computers in your newsroom. Use a strong antivirus for each device.

  • Use strong passwords — you can use tools like this one to generate them.

  • Update every piece of software your website uses.

  • If you built your website with WordPress, make sure you hide your login page from site visitors. Other key steps for secure WordPress sites include the following: eliminating the metatag generator, customizing your login address and removing any information from your site about what WordPress version you’re using.

  • It’s good practice to only use short URLs on your site content. Hackers tend to use long URLs to gain access to the website files directory, which can then allow them to deface the homepage, destroy information or inject code.

  • Avoid keeping website files public, particularly files like readme.html, readme.txt, wp-config.php, wp-includes and .htaccess. With this simple step, you can prevent many common website attacks.

  • Set up a daily backup of your website. If a cyberattack is successful and infects your website’s database, you can upload a clean copy while you counterattack the infection.

  • Do not use insecure WiFi to access your website.

This story was originally posted on IJNet’s website and is reproduced here with permission.

Jorge Luis Sierra is an award-winning Mexican investigative reporter and editor. He is currently an ICFJ Knight Fellow, where he is developing digital crowd-sourced mapping tools to track crime, corruption and attacks on journalists. He is author of  The Enemy Inside: Armed Forces and Counterinsurgency in Mexico.

Republish our articles for free, online or in print, under a Creative Commons license.

Republish this article

Material from GIJN’s website is generally available for republication under a Creative Commons Attribution-NonCommercial 4.0 International license. Images usually are published under a different license, so we advise you to use alternatives or contact us regarding permission. Here are our full terms for republication. You must credit the author, link to the original story, and name GIJN as the first publisher. For any queries or to send us a courtesy republication note, write to

Read Next


Safety & Security

Why Small Investigative Outlets Lead the Way on Newsroom Digital Safety

Some of the most significant progress in newsroom information security over the past decade has been in smaller, more recently-formed digital startups — many of them investigative outlets. They are proving they can effectively incorporate strong information security strategies into their highly adaptive and responsive workflows.