Using anti-virus software to improve website security can be a Band-Aid, but more than likely it will not prevent the intrusion from happening again. In fact, if you take a few simple precautions, anti-virus software for your website is totally unnecessary. Anti-virus software should not be mistaken for website protection software when the biggest problem can be human error. So let's look at some of the errors that we humans can make. Apart from targeted attacks, and most websites will not be a target, most intrusions are for the purpose of adding content to your website that complements other websites, such as adding spam backlinks by injecting code into existing web pages, uploading new web pages or posting ads and backlinks into blogs.
The prospect of an attacker uploading new web pages can be quite frightening, but it is only possible if the server software has flaws in its security. So regularly updating the server operating system software is strongly recommended to keep abreast of threats as they are discovered. Patches are usually available before weaknesses become common knowledge. However, attention always needs to be paid to the write permissions on files facing the Internet. Static web pages, those not assembled from a database, should never be writable by the public, and never writable by anyone who is not the server/site administrator.
Websites using a content management system (CMS) pose a different problem because, while the header and footer templates are static files that can be locked down, the content displayed on the pages is dynamically populated from database records. So databases can be targeted by what are known as "SQL injection" attacks. WordPress is probably the most commonly used CMS, and anyone who checks their site logs will usually see a great percentage of page requests failing to find a destination because they are probing for plugins and add-ons that are known to have flaws.
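To see how much of your own traffic is this kind of probing, the log check described above can be scripted. This is an added example, not part of the original article: it assumes Apache/nginx "combined" format logs and the standard WordPress /wp-content/plugins/ and /wp-content/themes/ paths, and the sample lines, addresses and plugin names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:04:11:02 +0000] "GET /wp-content/plugins/example-gallery/readme.txt HTTP/1.1" 404 512 "-" "scanner"
203.0.113.7 - - [10/Mar/2024:04:11:03 +0000] "GET /wp-content/plugins/example-forms/readme.txt HTTP/1.1" 404 512 "-" "scanner"
203.0.113.7 - - [10/Mar/2024:04:11:03 +0000] "GET /wp-content/themes/example-theme/style.css HTTP/1.1" 404 512 "-" "scanner"
198.51.100.20 - - [10/Mar/2024:04:12:40 +0000] "GET /about.html HTTP/1.1" 200 4310 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:04:12:41 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:04:12:55 +0000] "GET /wp-content/plugins/installed-plugin/app.js HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client address, request method, request path and status code of one log line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Directories where WordPress keeps plugins and themes (add-ons).
ADDON_RE = re.compile(r'^/wp-content/(plugins|themes)/(?P<name>[^/?]+)')


def summarize_probes(log_text, min_addons=2):
    """Return (share, flagged): share is the fraction of parsed requests that
    were 404s for add-on paths; flagged maps each client that requested at
    least `min_addons` distinct missing add-ons to the sorted add-on names."""
    total = 0
    probes = 0
    by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line, ignore it
        total += 1
        addon = ADDON_RE.match(m["path"])
        # A 404 on an add-on path means the client asked for something not installed.
        if m["status"] == "404" and addon:
            probes += 1
            by_ip[m["ip"]].add(addon["name"])
    share = probes / total if total else 0.0
    flagged = {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_addons}
    return share, flagged


if __name__ == "__main__":
    share, flagged = summarize_probes(SAMPLE_LOG)
    print(f"{share:.0%} of requests were 404s for plugin/theme paths")
    for ip, names in flagged.items():
        print(ip, "asked for missing add-ons:", ", ".join(names))
```

An ordinary visitor's stray 404, such as the missing favicon in the sample, is not counted, and a request for an installed plugin that returns 200 is not flagged.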
Most CMSs these days properly secure their databases and sanitize all requests from web pages to remove potentially harmful code. But if yours is custom made, be sure to at least use a word filter to remove potentially malicious code. It only takes one slip and every column in every database table could be injected with gibberish, and there are banks of servers out there in the world probing every website looking for a weakness. A lot of CMSs like WordPress recommend that you leave parts of the website writable so that plugins and core files can be automatically updated. Sometimes that access can be granted via FTP, but unless you can restrict FTP access to fixed IP addresses only, enabling FTP facing the public is not recommended. A more secure option is to lock down your CMS and update plugins and core files manually.
Web blogs can provide SEO spammers with an invaluable resource if allowed to accept posts by unqualified accounts. Note that "unqualified" is different to "unverified" because spammers do use automated software that will create a new account and reply to the validation email so that the software can start spamming your blog. It is always best to moderate blogs. Sometimes your website may be exploited without you ever knowing it. It can be mined for data and media to be used elsewhere, again by SEO spammers who build websites for the sake of displaying advertising banners for profit. So unless you too are hoping to attract search engines with your content, you may want to consider web copy protection software that allows users to view and read your content without it being copied or mined by data thieves.
In fact, by using web copy protection software like the ArtistScope Site Protection System (ASPS) you can not only prevent copy and data theft, but also make it impossible for hackers to reach your website using the probing and hacking software and tools at their disposal.