The 13 Things Every Webmaster Needs To Know About Internet Security

Everyone who ever goes online faces a multitude of risks to their internet security.

Online business owners and casual webmasters alike, however, face more threats and annoyances than others.

Issues such as spam, viruses and hackers are never far enough away for comfort.


Even though solutions to such problems always seem to be coming to market, those behind the spam and other nastiness tend to remain one step ahead.

All is not lost, however, because here are 13 tips for webmasters who wish to remain as secure as possible when working online:


Always ensure that you not only have a quality anti-virus program but that you keep it fully updated with the latest virus definitions too.

Some anti-virus programs can slow your computer down whilst they are scanning but I would still recommend that a full scan should be made every day in order to ensure that there are no viruses or other nasty surprises hiding on your hard drive.

I’ve tried out many anti-virus programs from different vendors and each has its own advantages and disadvantages.

If you are looking for a free solution then I would recommend AVG and for a paid solution you could do worse than check out the latest from Panda.


At this precise moment in time I’m not using any spam blockers or filters because I had an unrelated problem with my email client that left me needing to reinstall it.

However, I would suggest SpamFighter Pro as being a good means of keeping all that worthless junk out of your inbox, thereby increasing your productivity and helping you to keep your sanity!


Through my hosting account I have access to a free service known as SpamAssassin which attempts to block junk email before it even gets redirected to my Outlook inbox.

Whilst I have found that it isn’t 100% perfect it does do a pretty good job and zaps almost everything that I don’t ever want to read.

Of course, if it were to flag genuine email as spam then all would not be lost as there are many configurable options and junk mail doesn’t necessarily need to be deleted if you choose not to.


One large but simple mistake I see many webmasters, new and old, make is that of making their email address public on their websites.

By having a ‘live link’ to your email encoded onto any webpage you are inviting the attention of spambots which continually trawl the internet, looking for email addresses to harvest.

The simple solution to this problem is to never have an HTML version of your email on your website.

Instead, use a contact form, with a CAPTCHA if you like, in order to stop the bots from adding your address to spammers’ databases.
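To check your own pages for the exposure described above, here is an added example (not part of the original article) that lists every address a harvesting bot could read from a page's HTML, including addresses hidden only behind HTML entities. The sample page and its addresses are constructed for illustration.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample page: one mailto link, one entity-encoded address,
# and a contact form that exposes nothing.
SAMPLE_PAGE = """<html><body>
<p>Questions? <a href="mailto:owner@example.com?subject=Hi">Email me</a></p>
<p>Sales: sales&#64;example.com</p>
<form action="/contact" method="post"><input type="text" name="msg"></form>
</body></html>"""

class EmailExposureAuditor(HTMLParser):
    """Records every address readable from the markup, as a harvester would see it."""

    def __init__(self):
        # convert_charrefs=True decodes entities such as &#64; before we look,
        # so entity "obfuscation" is reported as exposed too.
        super().__init__(convert_charrefs=True)
        self.findings = []  # (kind, address, line number)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        for name, value in attrs:
            value = value or ""
            if name == "href" and value.lower().startswith("mailto:"):
                address = value[len("mailto:"):].split("?", 1)[0]
                self.findings.append(("mailto link", address, line))
            else:
                for address in EMAIL_RE.findall(value):
                    self.findings.append((name + " attribute", address, line))

    def handle_data(self, data):
        start_line = self.getpos()[0]
        for match in EMAIL_RE.finditer(data):
            line = start_line + data.count("\n", 0, match.start())
            self.findings.append(("page text", match.group(), line))

def audit_html(html):
    auditor = EmailExposureAuditor()
    auditor.feed(html)
    auditor.close()  # flush any text still buffered
    return auditor.findings

if __name__ == "__main__":
    for kind, address, line in audit_html(SAMPLE_PAGE):
        print(f"line {line}: {kind}: {address}")
```

An empty result for a page means a simple harvester reading the markup finds no address there; the contact form in the sample produces no finding.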


If you promote your website on online forums, or through commenting on other people’s blogs, then chances are you’ve had to reveal your email address at some point in the process.

If that is the case then I hope you haven’t used your primary account because spammers will almost certainly get hold of it at some point.

Instead you should consider using disposable or unimportant email accounts that can be discarded or ignored should they become overwhelmed with junk mail.

Email accounts from Google’s Gmail or from Yahoo are good for this purpose.


If the website you run is a forum or blog then spammers will find you soon enough.

It doesn’t matter how high or low your traffic numbers are because sooner or later you will start receiving trashy posts or unwanted comments that serve no purpose other than to promote the sort of websites you would never link to under any other circumstances.

Forums can avoid this behaviour to a degree by using CAPTCHAs on their sign-up pages in order to prevent new user accounts being created by bots.

Beyond that, the owner (or moderators) need to remain on the ball in order to remove spam threads and ban the offending users.

Bloggers are in much the same boat though WordPress users can use plugins, such as Akismet, in order to block the spam before it ever appears on their blogs.


Some web hosting companies allow you to set up a catch-all email address which will receive all email that has not been specifically marked for a set POP email address or email forward that you may have set up.

You can use this to your advantage whenever you are required to disclose an email address on the web, for example when leaving a blog comment or signing up to an email newsletter.

For instance, I could leave a comment on your blog using the email address of

This is easily remembered and if that address ever receives a reply then it will end up in my catch-all domain email address.

The advantage of doing this is not only the fact that I haven’t disclosed my real email address but also the fact that I can monitor the email that this address receives – if it gets bombarded with spam then I would know who exactly had been selling my details 😉
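The monitoring step can be automated. The following added example (not from the original article) tallies mail arriving at the catch-all by the alias it was sent to, and flags aliases receiving mail from senders other than the site they were given to. The domain `mydomain.example`, the `ISSUED` record of which alias went where, and the sample messages are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "mydomain.example"  # assumption: the domain with the catch-all mailbox
ISSUED = {                      # assumption: your own record of alias -> site it was given to
    "someblog": "someblog.example",
    "newsletter": "news.example",
}

# Constructed sample messages, as they might sit in the catch-all mailbox.
SAMPLE_MAIL = [
    "From: Blog <notify@someblog.example>\nTo: someblog@mydomain.example\nSubject: Reply\n\nbody",
    "From: deals@pills.example\nTo: someblog@mydomain.example\nSubject: Cheap meds\n\nbody",
    "From: win@lottery.example\nTo: <someblog@mydomain.example>\nSubject: You won\n\nbody",
    "From: list@mail.news.example\nTo: newsletter@mydomain.example\nSubject: Issue 12\n\nbody",
    "From: x@bulk.example\nTo: info@mydomain.example\nSubject: Hello\n\nbody",
]

def tally_by_alias(raw_messages):
    """Count, per alias, mail from the site it was issued to versus anyone else."""
    tally = defaultdict(Counter)
    for raw in raw_messages:
        msg = message_from_string(raw)
        # From is easy to forge, so treat the result as a hint, not proof.
        sender = parseaddr(msg.get("From", ""))[1].lower()
        sender_domain = sender.rpartition("@")[2]
        headers = msg.get_all("To", []) + msg.get_all("Cc", [])
        for _, addr in getaddresses(headers):
            local, _, domain = addr.lower().rpartition("@")
            if domain != MY_DOMAIN:
                continue
            expected = ISSUED.get(local)
            if expected is None:
                tally[local]["never issued"] += 1  # guessed or dictionary-attacked address
            elif sender_domain == expected or sender_domain.endswith("." + expected):
                tally[local]["expected sender"] += 1
            else:
                tally[local]["other sender"] += 1
    return tally

def leaked_aliases(tally, threshold=2):
    """Aliases that received at least `threshold` messages from unexpected senders."""
    return sorted(a for a, counts in tally.items() if counts["other sender"] >= threshold)

if __name__ == "__main__":
    print(leaked_aliases(tally_by_alias(SAMPLE_MAIL)))
```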


Everyone needs a firewall!

As a minimum you should ensure that you are using the Windows firewall that comes with your operating system in order to minimise the risks of your computer being hacked whilst you are online.

If you connect to the internet via a wireless router then ensure that you have its security functions set up properly so that no-one else can hijack your connection or gain access to your own network.

If you ever check for wireless signals in your area then I bet you would be shocked to see how many of your neighbours have their routers not only visible but totally unprotected too.


If you trade on the internet in any way, i.e. you sell one or more products through your website, then you will need to make sure that the purchasing process is as secure as possible for your visitors.

Either your web host or the company that provides your shopping cart should be able to provide a service with a security certificate that allows transactions to be made over a secure server.

How do you know if the checkout process you are currently offering is secure?

It’s quite simple to find out – just look to see if the web address of your payment page begins with https rather than http.

Additionally, many browsers will also display a yellow padlock when you are viewing a secure page.

A good example of a secure third party payment processor is PayPal.


If you have your own website and are in any way serious about what you are doing with it then you will almost certainly own your domain name.

Some unscrupulous people and companies operate several scams designed to bilk domain owners.

These scams range from scare tactics, through fake companies and onto domain name phishing.

You can read more about domain name scams here.


Everyone wants traffic to their websites and good SEO techniques and practices are one way of getting it.

Specialised companies can work wonders in getting websites to the top of the search engine results pages in return for a fee.

Unfortunately, however, some SEO experts make promises they cannot keep or are deceptive in the claims they make.

Watch out for SEO scams.


WordPress is very popular amongst bloggers and is a well-used platform with thousands of independent designers and developers around it creating plugins and new themes.

As everybody knows, links are the currency of the web and what better way of gaining links than having yours placed on a WordPress theme that may be used by hundreds or even thousands of bloggers around the world?

For a fee, a designer can code your link onto the theme they have designed and then whenever anybody uses that theme for their blog you will instantly gain links back to your site.

Depending on where the link is placed, and the topic the blogger is writing about, these links may not actually be worth very much though.

Not to mention the fact that your link may get removed by the blogger, or could even be on a theme that has been stolen from another designer.



How do you get your website to rank well on the search engines for the keywords or phrases you wish to be found with?

There are many answers to that question but one of the most valuable commodities on the web is the power of the incoming link.

Reciprocal linking, though probably so devalued now as to be almost worthless, is one way of driving some extra traffic to your site.

However, one way links from you to your link partner are even more valuable to them so make sure you are not being duped into a link trade scam.


About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. Wyatt Sprague says:

    great selection of tips! thank you.

    as you said recip links or link backs are tricky. interrogating the quality of the other site is recommended thru alexa, compete, etc.

    paypal is a great example of a secure site. they have implemented extended validation SSL far more robust than even SSL which can be spoofed by hackers. one more visual cue to add is look for the bright green url in the navigation bar.

    thanks again!

  2. Thank you Trevor.

  3. What can be added to that? Awesome collection of tips, thanks man.

