How Webflow builds security into your site design

A security breach can come from a simple moment of inattention during maintenance or a deliberate cyberattack.

No matter how it happens, the results can have far-reaching consequences for you and your users.

Even small sites should take their security seriously — the Verizon Data Breach Investigations Report found that 43% of cyberattacks targeted small businesses. But only so much can be done on the individual level to anticipate potential vulnerabilities. You need private information — yours and your users’ — to stay private so you can maintain your users’ trust and keep your website running reliably.

By using a website-building platform that has dedicated resources for site security, you are free to focus on all the exciting elements that will make your website shine. Webflow builds security into the foundation of your website and keeps those security best practices informed and up to date for you. Here’s how.

Webflow is SOC 2 compliant

SOC 2 (Service Organization Control 2) compliance tells users that the company has thorough security practices and keeps them up to date. To be SOC 2 compliant, a provider must pass a full third-party audit of their security practices and meet five trust services criteria to qualify:

  • Security: Systems and information are protected from unauthorized access.
  • Availability: Those systems are available to be used consistently.
  • Processing integrity: Systems operate in a timely and accurate manner.
  • Confidentiality: Information designated confidential is protected.
  • Privacy: That information is collected, retained when used, and then securely disposed of.

AICPA has more detailed information on the requirements, but the primary takeaway is that third-party auditing means you don’t have to just take a provider’s word on their security practices. Webflow is SOC 2, Type 1 Certified as of December 2020.

Webflow provides secure hosting services and encryption

A hosting service is where your site “lives” on the internet. It houses, services, and maintains the files that make up your website and connects your site to the internet, so it can be accessed by visitors. A good hosting service will be fast, reliable, and secure so your site never slows or crashes. A secure web host will also provide encryption — essentially, turning the data that’s communicated from your site into private code that can only be understood by the intended recipient.

AWS Hosting

Webflow is hosted on Amazon Web Services (AWS) Hosting. Their robust hosting ensures Webflow’s services, and thus your website, will run reliably and be protected from security threats, cyberattacks, and even simple traffic surges.

Through this service, Webflow offers secure and reliable hosting for your website in-house. There is a range of site plans to suit different needs, from Basic and Business up to Enterprise level, but all of them meet the same professional standards.

SSL Encryption

Secure Sockets Layer (SSL) encryption protects your non-public data from unauthorized access by encrypting it. All Webflow data is end-to-end encrypted between Webflow’s servers and your site. Plus, Webflow hosting automatically includes an SSL certificate for your website, meaning your site will be secure and visibly trustworthy for your users.

It’s a security best practice for an internet user to never log in or provide personal data to a site that doesn’t have secure encryption. You can tell if a site has an SSL certificate if the URL in your navigation bar starts with https:// or displays a closed lock icon in Chrome.

An image of how you can tell if a site has an SSL certificate in the URL. Here, we compare Gmail with Webflow

Webflow doesn’t rely on potentially vulnerable plugins

Webflow and WordPress are the two dominant professional website builders available. A primary difference is that Webflow integrates core functionality, like visual design control, SEO, CMS, and forms, while WordPress utilizes third-party plugins to enable the same functions. When using plugins, you might end up needing dozens, each with its own potential security liability. You even need to install a plugin for security support!

Plugins are created by third-party developers, and there’s no easy way to assess the security practices of each of these plugin creators. You have to rely on developers to publish updates for their plugins and then push those updates on your site as well. And if they go out of date, they can expose your site to hackers.

Webflow only uses integrations with reputable companies that have their own reliable security measures, such as Mailchimp for customer management and Stripe or PayPal for payments processing. These companies are more transparent and require their own separate secure logins.

Webflow safeguards your account and information

Webflow’s system not only follows stringent security standards, but also has measures in place to safeguard your personal account and the website you create with it.

Personal account protection

All of the valuable infrastructure for your website lives in your personal Webflow account, so it’s important to keep access to that account secure. You can protect your login with two-factor authentication, which is currently the highest standard for account security on the web.

Two-factor authentication requires you to confirm a new login attempt from another device such as a mobile phone, protecting you from illegitimate login attempts. At the enterprise level, you can also enable single sign-on for even more robust security for your team’s access.

Website password protection

Webflow allows you to enable sitewide and per-page password protection in order to restrict access to specific pages, collections, or even full websites. You can assign unique login credentials to your external clients in order to share pages that have internal documentation or sensitive client prototypes.

To create a seamless experience, you can design the appearance of the login pages so they look professional and fit the overall design of your site.

Automatic backups

Keeping your website secure also means protecting it from unexpected accidents and inadvertent changes. Webflow keeps your site safe by saving backups automatically as you work. You can also manually save backups before making big changes and name the backup files for reference. Images and all other assets are backed up as well, so you will never lose any of your vital elements.

Webflow protects your site, so you can focus on creating it

When you use Webflow, you instantly have a full security team on your side, no matter how large or small your company is. The systems supporting your site are maintained to the highest standards, and you are given the tools to keep your site secure right alongside the tools to build it.

Webflow’s team keeps the safety and integrity of its system consistently up-to-date — allowing you and your team to focus your energy on growing your website and serving your own users.  For more information, you can read the Security Whitepaper or contact the Webflow security team at security@webflow.com.