An anti-alteration system for Web contents is described. A public-web-server computer stores safe web files encrypted from the original web contents, including static files (such as html, text, jpg, gif, wav, mp3, asp, exe, etc.) and dynamic files (such as php, perl, java script, etc.). An original-Web-server computer stores the original web content and connects to the public-web-server computer through a protected access port such as a firewall. When a website visitor's request is received, the public web server checks the safe web file, and if the safe Web file has not been altered, the web server sends back the web content decrypted from the safe web file. A recovery module is used for encrypting the web content to the safe web file on the original web server computer.