The invention discloses a webpage backdoor detection method and system based on non-credit-granting. The method includes the steps that firstly, a credit-granting framework and a non-credit-granting framework of a website are established; URLs and URL pages in the website are traversed and recognized sequentially, whether the URLs are in the credit-granting framework or not is judged, if the URLs are in the non-credit-granting framework, whether the URLs are completely matched with the URL pages stored in the credit-granting framework in related attribute or not is judged, if the URLs are not completely matched with the URL pages stored in the credit-granting framework in related attribute, the URL pages are tampered, and related processing operations are conducted; if the URLs are not in the credit-granting framework, the hashed values of the URL pages are calculated, whether the URLs are in the non-credit-granting framework or not is judged, if the URLs are in the non-credit-granting framework, the URL pages are webpage backdoors, otherwise, whether the URL pages have website script characteristics and executable permissions or not is judged, and further judgment is conducted. According to the technical scheme, the webpage backdoor detection method and system can perform effective reorganization on the webpage backdoors in the non-credit-granting framework, and the webpage backdoors comprise unknown or encrypted webpage backdoors. According to the webpage backdoor detection method and system, the detection efficiency is high, the false alarm rate is low, and implementation is more convenient.