Tips on WebForms, Log Ins and Security Precautions
User Posts, Blogs, Membership, Script, Database and Server Security Issues

Important Precautions on Web Forms-FormMail, Blog, Ads and Link Postings
to avoid Security Risks and Spam

Do you know and design for these critical anti-spam and site security principles?

These website, server, security and anti-spam precautions are part of what you should consider in your web forms, log-ins, blogging and other aspects of your site's security and anti-spam methods to optimize its potential for success.

1) Don't put private information or email addresses on websites, and certainly not clickable ones (you might limit an address to an image only). Email is handled by forms, so you need to plan for secure forms using the latest version of Captcha, set on medium or high. More security may be added depending on the type of information being collected or sent.

2) Contact Forms - Web Forms - Web Mail - Input Forms - FormMail: The main precaution here is to avoid having any credit card information flow from web forms unless it is limited and encrypted. Also, all web forms must be protected by the latest Captcha - ReCaptcha test to distinguish human users from a spam robot or viral program. The Captcha strength setting should be at least medium, and better on high. These codes are difficult for humans to read, so be sure the form lets the user request another code if one is hard to read.

3) Inputs by site visitors: If you are planning to run an open forum, blog, classifieds, directory or membership type site, be sure to allow plenty of time for reviewing posts. Be sure member users are well-screened before allowing access. Be sure each post goes through a reviewer, if possible before it goes into the server database.

4) Also, if you intend to accept visitor or customer input of any kind, be sure to choose well-supported and current scripts or software, running on a large, reputable hosting company. Do not attempt to run your own web server (web publishing) unless you are a server software expert who is also expert in server security, as the bigger hosting companies must be.

If you have a crucial or high-dollar operation or business with lots of visitor traffic and input or postings, expect to get into some money (several hundred dollars per month) for a dedicated server. The reason you will want to, or the hosting company may demand that, is that you may pose a risk to the hosting company or their other clients on a shared server. Also you may need the special support, monitoring and special backups that a dedicated server can offer.

5) Even if you don't have visitor input, for the same reasons, you may not want to risk your crucial business on a shared server (which is standard and unseen to you normally) where your expensive valuable business is on the same servers as some porn sites, some activist or hacker group's site, or some hate or certain ethnic groups more subject to hacker attacks. Or there may be some MLM network or sharing group that shares who-knows-what kind of popular virus-ridden emails or messages that they pick up from the web.

This can be a bit like choosing to live or hang out in a risky neighborhood, or drug or disease infested eatery-club or communal living quarters. So, if you can afford it, move your business into your own clean, private mansion with servants (the hosting company).

6) For database protection from hackers, the design is important and scripts must be well-supported and updated fairly often. Choosing the right expert web design-developer-webmaster firm is the single most important choice in relation to security issues, for all these matters, such as secure web forms and form mail.

7) Likewise, your expert web designer-developer does several other things to keep your site integrity high and protected. First and foremost, they usually keep backups of your entire website to restore in event of hacking or a virus, where your server copy must be completely removed and the disk area reinitialized.

8) Secondly, your web designer can also do webmaster functions, like being sure your site is monitored for uptime and hacking, which should be done at least daily if you have a large site. A web designer/webmaster does not normally do this unless you contract with them to monitor your site.

9) Another crucial role of a good web developer is to monitor for software updates and anticipate server upgrades and patches which can bring down a website or cause it to malfunction. These usually infrequent problems can cause outages or problems that may require long and difficult analysis or convincing of the hosting company that a problem has resulted from their update/patch.

Hosts now often install security updates, much the way your PC may install security patches and fixes almost daily. Your web developer tries to have recent backups and to know whether the versions of your scripts are compatible with recent server upgrades, such as upgrades to the PHP language. Changes in PHP can often make PHP scripts quit when the version a script was written for is not compatible with the server's version.

10) For these reasons, understand that security updates and installation of new releases of your scripts, such as shopping carts, is crucial to both their security and their continued smooth operation. If your scripts are not well-supported and recent, they may have already become vulnerable, known by hackers to be easier targets. But for the reasons explained above, if the server software and language and even browsers have been updated (as they are more and more often), the script may just stop working.

Shopping carts are the most crucial to keep updated by the script company. Obviously hackers are more interested in getting into transaction processing systems where they know names and credit card information is being collected. Don't go off into some peculiar complex Cart system like OS Commerce that your web developer may not support. Talk to them first and choose the scripts they suggest and support.

In all of these, there is a happy medium between scripts that are too complex (unsupportable), too popular (hacker prone), and not popular enough to have support. Only your web developer knows which is better.

11) The most common disaster, with failures much like hacking, comes from letting anyone other than the web designer or webmaster modify the website. As we discuss in the WYSIWYG and Web Site Generator article, all too frequently some well-intended SEO person or content writer somehow believes that their page editor will work just fine on your site. Never let that happen.

Always have strict procedures from the web designer if you must allow limited text content areas or a blogging area to be updated by someone else. Failure to observe this precaution can cost you hundreds or thousands of dollars of work to restore and repair improved compliant code designed for easy upgrades, maintenance, browser compatibility and W3C compliance. Letting someone modify the site essentially means destroying back-up controls.

12) Study up a bit more and listen to your web designer BEFORE you get deep into a method, design or script, to avoid some of the numerous security risks and pitfalls. Expect to get seriously spammed or hacked at some point. Your designer cannot guarantee that won't happen, but can only reduce the probability that it will, or increase the time between occurrences.

13) Don't get overly caught up in fads or the latest unproven rage of "having to have" a forum or blog, and avoid direct entry of anything into your database. All postings such as classifieds or links must go through a review and approval process, or else they may cause numerous problems. Watch for spammers and hackers in your new user or new customer registrations. If you don't have the staff and experts to avoid security issues, reconsider your plans and talk to your designer about possible work-arounds or forms with stricter edit controls that discourage spammers and hackers.
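An added example, not part of the original article: one way to implement the review-before-publish rule from points 3 and 13, sketched in Python with SQLite. The table layout, function names, and the length and link limits are assumptions made for illustration.

```python
import sqlite3

# Constructed schema: every visitor post starts as 'pending' and stays
# invisible to the public until a reviewer approves it.
SCHEMA = """
CREATE TABLE posts (
    id     INTEGER PRIMARY KEY,
    author TEXT NOT NULL,
    body   TEXT NOT NULL,
    status TEXT NOT NULL DEFAULT 'pending'
           CHECK (status IN ('pending', 'approved', 'rejected'))
);
"""
MAX_BODY = 2000   # assumed length limit for a posting
MAX_LINKS = 2     # assumed link limit; link-heavy posts are typical spam

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def submit_post(db, author, body):
    """Queue a visitor post for review; return its id, or None if refused."""
    author, body = author.strip(), body.strip()
    links = body.lower().count("http://") + body.lower().count("https://")
    if not author or not body or len(body) > MAX_BODY or links > MAX_LINKS:
        return None
    # Parameterized insert: visitor text is stored as data, never run as SQL.
    cur = db.execute("INSERT INTO posts (author, body) VALUES (?, ?)", (author, body))
    db.commit()
    return cur.lastrowid

def review(db, post_id, approve):
    """Record the reviewer's decision; only a pending post can change state."""
    new_status = "approved" if approve else "rejected"
    cur = db.execute(
        "UPDATE posts SET status = ? WHERE id = ? AND status = 'pending'",
        (new_status, post_id),
    )
    db.commit()
    return cur.rowcount == 1

def public_posts(db):
    """Bodies the public site may display: approved posts only."""
    rows = db.execute("SELECT body FROM posts WHERE status = 'approved' ORDER BY id")
    return [row[0] for row in rows]
```

The public page should still HTML-escape each body when rendering it, since approval by a reviewer does not make the text safe markup.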


There are more aspects to security, and special software to aid hacker detection, but those are beyond the scope of this article. We have hit the highlights and basics here.

Once again, as throughout these articles, you can see more why a good web designer/developer is crucial to your success on the web.

Don't pretend to be different or lucky when it comes to security issues. It is not expensive to do things right. Take "advantage" of our training and school of hard knocks of proper design for reliability and upgradeability--proper programming standards--- right here at your finger-tips.

Understand that making the right choices and paying attention to security issues in advance becomes a competitive advantage on the internet where every advantage matters, just as it does in basic business. It is the sum of these advantages, well-managed, that lets you win over competitors, saves money by avoiding crisis, and gradually makes your business more fun and more profitable.

Explore "doing it right" at affordable rates. Contact us.


Note: To learn more about proper design, browse our other articles and guides to plan and choose all the right components and methods for a successful site. Good management starts with knowledge, particularly in a modern, complex changing field and topic like the internet.
