Website security is the process of preventing and detecting unauthorized use of your web server. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your website. Detection helps you to determine whether or not someone attempted to break into your website, if they were successful, and what they may have done.

Unfortunately, intruders are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of websites.

When holes are discovered, computer vendors will usually develop patches to address the problem(s). However, it is up to you, the user, to obtain and install the patches, or correctly configure the software to operate more securely. Most of the incident reports of computer break-ins received at the CERT/CC could have been prevented if system administrators and users kept their website security up-to-date with patches and security fixes.

Also, some software applications have default settings that allow other users to access your website unless you change the settings to be more secure. Examples include chat programs that let outsiders execute commands on your computer or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.