Basic tips to keep your school website safer from hacking

Schools have occasionally found their school website hacked.

Sometimes minor changes are made, other times the whole site is replaced by something else.

The motive is usually either for no particular reason or to promote a point of view or message.

Here is a reminder of good practice to ensure good levels of security on your website in light of increasing cyber-attacks.

Ensure software used to make the website is up to date

This applies to both the hosting server operating system and any software that is run on your website such as a CMS (content management system, eg: Joomla) or forum.

When website security holes are found in software, hackers are quick to attempt to abuse them.

If you are using a managed hosting solution, the sort where a small number of people log in to change various elements of your website, then you should not need to worry so much about applying security updates for the operating system as the hosting company should take care of this for you, but it is worth checking with your web company.

If you are using third-party software on your website such as a content management system (CMS) or forum, you should ensure you are quick to apply any security patches.

Use strong passwords

Make sure you use complex passwords (eg: W1g2N1avmm = When I go to Nottingham I always visit my mum) especially to your server and website admin area, but equally also important to insist on good password protection practices for all users.


If your website contains within it any personal data that is accessed by certain people then HTTPS is a protocol used to provide security over the internet.

HTTPS guarantees to users that they are communicating with the server they expect, and that their content is not being intercepted / changed in transit.

If your site is hacked?

In the event of a cyber-attack or your website being hacked you will need to liaise with both your web design company and the hosting company (they might be the same people but could be different).

Your IT support should also notify Ealing Council's IT support.

Was this page useful? 
Last updated: 27 Jan 2021