Do a Google search for "whois uk" and one of the top sites that will come up (usually at No. 3) is whoisuk.co.uk. (To keep this page open and carry out this search, click here and the Google search page will open in a new window).

This is a highly successful website - they do well in Google and they have a nice fast domain checker.

However, at the time of writing, this site has been hacked. Here is a screenshot of what you should see (the normal front page of this site, courtesy of Google's cached pages):

And here is a screenshot of what is there as of 27th November 2008:

(Click either of the images above for a larger picture)

It's a shame - a dreadful shame - that there are people who will do this just for fun - as the hacker has stated, he did it for the "lulz" (definition of this unpleasant phrase can be found here), but it is also a fact of life.

Website code is just like almost any other computer code, such as Windows or the applications that you have running on your PC, or your email client - it has bugs, security holes and problems. Sometimes, the security holes exist even though nobody has found them yet. But that doesn't mean that nobody will find them and, if you're the unfortunate victim of someone who finds such a hole in your stuff, then the results can be disastrous.

This is why you use anti-virus software on your PC and, more recently, anti-Trojan, anti-phishing, anti-spyware software. This is why you (hopefully) update your copy of Windows (if you happen to use Windows) regularly, downloading and installing any patches that Microsoft happen to offer.

And the reason why Microsoft release so many patches is the same reason why anti-virus vendors provide updates to their software; new security holes, new viruses, new hacks are discovered every single day.

Your website is no different. As a web design company, we always try and convince our clients to let us protect and maintain and monitor the code of their website. We're tapped into every single major security website available and we're amongst the first to know when a new hack is afoot. This puts us in the great position of being able to fix any problems on the websites we run, for ourselves and for our clients as soon as we're aware of them.

If we receive a security announcement telling us that a particular PHP function is vulnerable to a particular type of attack, we fix it in every single site that we've used that function in. Sorry, to be accurate, we fix it in every single site that we've used that function in where the owner is paying us to look after it.

What's my point?

My point is that, sadly, convincing clients that they need to pay us to do this work is one of the hardest jobs I have. Often they don't see the value. Thankfully, we haven't yet had a single website hacked, but it might happen one day - and when it does, it won't be pleasant.

Now, I'm not the sort of person to ever say "I told you so", but I know that when that day comes, I'll be biting my tongue really really hard…

So, when your web designer or web developer asks you to pay him a small yearly fee to protect your website, consider it a necessary evil. Prevention is always, always better than cure.

And cheaper.