Website Security Policy

Last updated: June 19, 2026

This Website Security Policy explains how we protect the information and systems associated with al-ahad.org. As an Islamic welfare foundation, we treat your trust with utmost seriousness and take careful, practical steps to safeguard our website and any personal information processed through it.

By using this website, you agree to the practices described in this Security Policy, in addition to our Privacy Policy and Terms of Service.

1. Scope

This policy applies to:

• The public website hosted at al-ahad.org and any subdomains we operate.

• Any online forms, requests, or interactive features on this site.

• The underlying infrastructure and administrative tools we control to manage the website.

This policy does not apply to third-party websites or services that we link to, such as external learning platforms or donation processors. Those services have their own policies and security practices.

2. Hosting and Infrastructure Security

Our website is hosted with a reputable third-party hosting provider. Together with our provider, we work to maintain a secure environment, including:

• Regularly updated server software and operating systems.

• Network-level protections such as firewalls and traffic filtering.

• Physical and environmental security in the hosting facilities, managed by the provider.

While we do not control every aspect of the hosting infrastructure, we select providers who follow industry-standard security practices and make reasonable efforts to keep systems secure.

3. WordPress and Plugin Management

The al-ahad.org website is built using WordPress. To help keep the site secure, we:

• Keep WordPress core, themes, and plugins updated to current stable versions.

• Remove unused plugins and themes where possible to reduce risk.

• Use only reputable themes and plugins from trusted sources.

• Periodically review installed plugins and themes for known vulnerabilities or issues.

When appropriate, we apply additional hardening measures, such as:

• Limiting the number of login attempts.

• Restricting access to the WordPress admin panel.

• Using security plugins or web application firewalls to detect and block malicious activity.

4. Data Transmission and Encryption

Where supported by our hosting provider:

• We use HTTPS (TLS/SSL) to encrypt data transmitted between your browser and our website.

• We encourage visitors to use only the secure HTTPS version of al-ahad.org and to check for the secure lock icon in their browser.

If your browser shows a warning that the connection is not secure, we recommend you avoid submitting sensitive information until the issue is resolved.

5. Access Control and Authentication

Access to the website’s administrative dashboard and related systems is restricted to authorized personnel only. To protect these areas, we aim to:

• Use strong, unique passwords for all administrator and editor accounts.

• Limit the number of admin-level accounts to the minimum necessary.

• Enable multi-factor authentication (MFA) where supported.

• Review user access regularly and remove or adjust access when it is no longer required.

We do not allow public registration of administrative accounts on this website.

6. Data Storage, Handling, and Backups

When you interact with al-ahad.org (for example, by submitting a Shahadah request, certificate request, accommodation letter request, or contact form), the information you provide may be stored in our website database or in carefully chosen third-party systems (such as secure email or communication tools).

In line with our Privacy Policy, we:

• Collect only the information necessary to provide our services and fulfill our mission.

• Store personal data in protected systems with restricted access.

• Use regular backups of the website and database to support recovery in case of technical issues, data loss, or security incidents.

• Take reasonable steps to protect backup copies from unauthorized access.

Details about the types of information we collect, how we use it, and how long we retain it are set out in our Privacy Policy.

7. Monitoring, Logging, and Threat Detection

To help protect al-ahad.org from misuse and attacks, we may use logging, analytics, and security tools. These may include:

• Monitoring for repeated failed login attempts or unusual access patterns.

• Scanning for known vulnerabilities, malware, or unexpected changes to core files.

• High-level traffic analysis to detect possible abuse or denial-of-service activity.

These tools are used to enhance the security, stability, and performance of our website and to help us respond quickly to potential threats.

8. Third-Party Services and Integrations

Our website may integrate with or link to third-party services, such as:

• Payment or donation processors.

• Email and newsletter services.

• External learning and educational platforms.

• Analytics and performance tools.

While we aim to work only with reputable providers and configure these services securely, each third party has its own security practices and policies. We encourage you to review their terms, privacy policies, and security information directly when you use their services.

We are not responsible for the security practices of third-party websites or services that we do not control.

9. Vulnerability Reporting and Incident Response

We welcome responsible reporting of potential security issues. If you believe you have found a vulnerability or security problem related to al-ahad.org:

• Please contact us at info@al-ahad.org with a description of the issue and, if possible, steps to reproduce it.

• Do not publicly disclose detailed information about the issue before we have had a reasonable opportunity to investigate and address it.

When we become aware of a security incident that may affect the confidentiality, integrity, or availability of our website or data, we will:

• Investigate the incident and work to contain it.

• Take reasonable steps to correct the underlying issue.

• Where required by law, notify affected individuals and/or relevant authorities.

10. Limitations and Your Responsibilities

While we take reasonable measures to secure al-ahad.org and the information we handle, no website or system can be completely secure. We cannot guarantee absolute security of information transmitted to or from our site or stored on our systems.

You can help protect yourself and others by:

• Using up-to-date software, browsers, and security tools on your own devices.

• Keeping your passwords confidential and using strong, unique credentials for online accounts.

• Not sharing sensitive information through insecure channels or with untrusted parties.

• Informing us promptly if you suspect any misuse of your information in connection with our website.

11. Relationship to Our Privacy Policy and Terms of Service

This Security Policy should be read together with our:

• Privacy Policy – which explains what personal information we collect, how we use it, and your rights regarding that information.

• Terms of Service – which describe the conditions for using our website and services.

If there is any conflict between this Security Policy and those documents, the Terms of Service and Privacy Policy will generally control for issues specific to their subject areas.

12. Changes to This Security Policy

We may update this Security Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do:

• We will update the “Last updated” date at the top of this page.

• We may provide a notice on our website or via other appropriate channels for significant changes.

Your continued use of al-ahad.org after any changes are posted indicates your acceptance of the updated Security Policy.

13. Contact Us About Security

If you have questions, concerns, or feedback about this Security Policy or our security practices, please contact:

Al-Ahad Islamic Welfare Foundation
Email: info@al-ahad.org

We are committed to handling your inquiries with care and respect, in line with our mission of nurturing faith and inspiring hope.