Web Professional Security Survey 2019

How agencies approach website security and protect their clients’ websites.

This report analyzes over 1,000 survey responses from web professionals, including web designers, developers, freelancers, and marketing agencies. The respondents consisted of Sucuri and GoDaddy customers, whose responses produced statistics associated with:

  • Professional business models
  • Service offerings and tools
  • Approaches to website security
  • Planning for hacks and attacks

Download Report (PDF)


The Web Professional Security Survey is produced to better understand how agencies run their businesses and the challenges they face when dealing with security incidents. This report uses data collected in 2018.


The term web professional refers to any website service provider, including:

  • Website developers and designers
  • Marketing agencies and SEO
  • Brand reputation agencies
  • Web hosting providers
  • Freelancers
  • Managed service providers (MSPs)

When asked how many clients the website professionals were responsible for, these were the results:

How many clients are you responsible for?

Looking further into this data, we see that the large majority in this bucket manage less than eight websites. This doesn’t necessarily mean that these websites are small, some of them can have over a thousand pages requiring a lot of work to keep updated and optimized.

How many websites are you responsible for?

Website professionals offer a variety of services and the number of clients doesn’t always reflect the size of the business. Some larger agencies service only a handful of clients, and startups or specialized service providers may choose to limit the number of clients they take on.

What services do you offer?

Agencies that offer marketing services, such as SEO and advertising, make up nearly a third of all responses.

The second largest group is Website Maintenance, which refers to agencies that set up a website with domain, hosting, and even SSL certificates. Sometimes they are also responsible for handling updates, hardening, and website security.

With only 0.24% of respondents saying that they offer website security as a service, there is an opportunity for web professionals to differentiate themselves by promoting website security in the early stages of client relationships.

A hosting service provider offers the management of website servers and databases on behalf of their clients, whether it is self-hosted or through a larger hosting company.

44% of web professionals surveyed provide hosting services

Website hosting companies of all sizes feel the pain when it comes to end-user website security. Clients expect their hosting company to help them address website security incidents such as being hacked, blocklisted, or attacked.

A Content Management System (CMS) allows web professionals to build sites faster. Some are best for ecommerce websites, others are more suitable for blog pages or business-oriented websites.

What CMS do you use?

Recently, we released our Hacked Trend Report for 2018, which analyzed 25,466 infected websites including specific CMS applications. The results in this report do not imply that these platforms are more or less secure than others, it merely reflects the overall popularity of the CMS.

We have prepared guides for some of these popular platforms, such as our WordPress Security Guide and Magento Security Guide.