How Secure is Your School Website?

Website hacking is an issue for all websites, not just big corporations, banks and government departments.

We often see articles in the media about hackers making targeted attacks on large companies and governments to steal money and information or for ideological reasons (known as hacktivism) but schools, individuals and small organisations are also at threat of being hacked.

Why would a hacker target me?

The truth is most hackers don’t single out particular individuals and are simply attacking vulnerabilities on any site they can find, using automated tools to hack as many websites as possible.

Websites owned by schools or individuals may not contain high-security information or credit card details that hackers can steal but they will still be able to exploit your resources such as the website database, the hosting server or the website’s visitors. These resources can then be used to execute several actions:

  • Attacking other websites:
    Malware inserted into your website can infect visitors to your site or other websites hosted on the same server without them being aware of it.
  • Sending spam emails:
    Hackers can use your site’s bandwidth to send hundreds of thousands of spam emails.
  • Storing illegal files:
    Sometimes hackers use your website disk space to store files like shareware and pirated movies.

Malware installed by hackers can also be used to collect the personal data that visitors enter into forms on your site, which can then be sold to spammers.

How do I know if my website has been hacked?

Unfortunately, it can be difficult to tell if you have been hacked just by looking at a site unless the hacker has made obvious changes to the content such as adding images or malicious links. The only way to know for sure is to run a malware scan using a security website or plugin.

If you have set up Google Search Console for your website, it will alert you to security issues but Google may not pick up malware infections as quickly as a dedicated malware scanner.

What are the risk factors?

There are many ways in which a website can be left vulnerable to hacking. These include:

  • Weak usernames and passwords used to access the website administration area.
  • A lack of security software on the server or a security plugin within the website to protect against brute force attacks and scan for malware.
  • Out of date website platform (e.g. WordPress, Joomila or Drupal), themes or plugins.

Although these factors will increase the risk of being hacked, there is still no guarantee it will not happen even if you take measures to plug these gaps. This is why it is important to regularly monitor security and have support in place to clear an infection if and when it happens.

Will my host provider or web designer clear the infection for me?

Website security is a specialist service that a lot of host providers and web designers do not offer. Many hosting packages only provide space for you to store your website so the template and website content are the responsibility of the owner (i.e. the school). Host providers will usually alert website owners if their site is hacked and shut down the site if the infections are not cleared by the owner within a certain timeframe.

Web designers specialise in designing and building websites which does not usually include security management and malware removal.

Unless your host provider or web design company specifies that they offer this service, you will need to clear any malware infections yourself using a malware scanning plugin or pay a specialist web security company to clear it for you for a fee.

At The Education Space, we believe that a web design service does not stop with making a beautiful website for your school. We provide a comprehensive support package as part of our service which includes content updates, backup management and routine website maintenance along with infection removal, security updates and monitoring to protect your site against hacking and malware. We’ve got you covered.