Webflow is one of the best tools for web design and SEO, but what about security? In this guide we have gathered all the security measures taken by Webflow to protect your site, your data and of course those of your visitors and customers.
Web attacks or cyber attacks are becoming more and more frequent and varied. Whether you have a simple website, a web platform or an e-commerce site, a security breach can have serious consequences for you and your users. Forty-three percent of small websites are subject to cyber attacks, resulting in the loss or theft of user data. More than a simple moral need, the protection of a website is a duty governed by the RGPD and the Data Protection Act, which requires every website operator to take adequate precautions to protect data.
Defending your website is therefore a daily challenge, which is best left in the hands of real experts in the field. Each web platform, Wordpress, Wix, Webflow, Shopify, etc. has its own security methods, but there are some basic rules to follow to secure your website. Using a website creation platform is a way of delegating some of the management of your website's protection.
We often hear about Webflow as the ideal web design and SEO tool, but what about security?
At Webflow, we take security seriously. We tailor our security program to industry standards such as ISO 27001 and CIS critical security controls.
SOC 2 compliant Webflow
Developed by theAICPA (American Institute of Certified Public Accountants), the SOC 2 standard, "Service Organization Control 2", requires companies to deploy thorough web security practices and to keep them regularly updated. To validate its SOC 2 compliance, Webflow had to pass a complete security audit, verifying the reliability of its protection systems. This audit includes 5 key criteria:
- Security: The systems used and the information collected on Webflow sites must be protected against unauthorised access.
- Availability: Webflow systems must be available for constant use.
- Processing integrity: Webflow systems must operate in a timely and accurate manner.
- Confidentiality: Information designated as confidential should be protected.
- Protection: Information is collected, retained when used, and disposed of securely.
Since December 2020, Webflow is SOC 2 Type 1 certified, and is currently undergoing the audit to become SOC2 Type 2. You can check their SOC 2 security profile at any time.
Encrypted and secure Webflow hosting
A web host is a secure storage space, on which all the data of your website will be stored. To put it simply, a web host is like your website's house, and it's important to lock it up tightly so that no one can get in. Your site is therefore visible online thanks to a web host, which must be secure to protect all your data and those of your users. A good hosting service should be secure, fast and reliable to provide your visitors with an optimal experience.
Webflow hosting on AWS
Webflow hosts its sites on AWS, Amazon Web Services Hosting and therefore benefits from all the quality and security of the service. Whether it is for a marketing website, an e-commerce platform, or any other web platform, AWS is one of the best cloud hosting services in the world, meeting both performance and security needs of cloud infrastructures.
Hosted on AWS, Webflow sites therefore have reliable protection against cyber attacks as well as massive increases in traffic. In addition to the core functionality, Webflow also offers an advanced security plan for large enterprises.
Webflow SSL Encryption
Data encryption is the translation of data into another form that only authorised persons can decrypt via a decryption key. Simply put, without authorisation or a password the encrypted data will be inaccessible.
All data held by Webflow is protected by an SSL protocol which encrypts each exchange between a search engine and the Webflow servers. By default, your site will have an SSL certificate which will encrypt and protect the data exchanges of your site. The SSL certificate is essential, for example, to reassure your users when registering, connecting or paying online. To find out if a site has SSL security, simply look to see if its URL contains an "S" in HTTPS:// and not just HTTP.
Webflow site without the plugin vulnerability
One of the main flaws encountered on CMS like Wordpress, is the use of third party plugins. Plugins are actually extensions to your website, which you will use for various functions such as adding a contact form, adding a payment module, or even security. These extensions are developed and owned by different third parties who each have their own security responsibilities. Some abandon the plugins and security updates are no longer made. Others, less visible, are not analysed with as much vigilance as an integration and have flaws. You are therefore dependent on a multitude of third-party developers, sometimes independent, whose reliability in terms of security at the moment or updates in the future is difficult to know.
On Webflow, everything is developed natively with the tool, which limits the stacking of tools in your site. As far as integrations are concerned, Webflow only works with large companies such as Mailchimp for marketing or Stripe for payments. These companies have a transparent and reliable security and data protection policy, which strongly limits the risks of hacking your Webflow site.
Secure payments
If you want to develop a Webflow e-commerce site, you are probably wondering about payment security. Until now, Webflow has chosen a unique partner for online payment: Stripe. All transactions and data specific to payment are entirely managed by this specialised tool, which is certified as a Level 1 Service Provider.
Stipe uses the latest security protocols such as TLS and HTTPS to protect data, and verifies the PCI compliance of all its users (global payment account data security standards).
General security information security information :
- PCI compliance and TLS & HTTPS protocols
- Stripe security
- SSO authentication
- Fight against fraud
- Bank card test
Information on Stripe's sensitive data management
Secure Webflow account
In addition to the strict security measures for your visitors, Webflow is committed to protecting your personal data.
Protecting your Webflow access
Your Webflow login credentials give access to your entire account and therefore to your website or web projects. Webflow offers a two-factor authentication system to provide additional security for your account. This type of authentication is currently the highest security system for a web account. It involves confirming each new login on another device. So, if someone logs into your Webflow account, you will be alerted of this new connection and will be able to authorize it or not.
In addition, there are other features to manage authorisations in Webflow :
- SSO authentication with G Suite
- Single sign-on by subscription
- Authorisations based on defined roles
Protection of your webflow pages
In Webflow you have the possibility to protect each of your web pages with a password. The objective is to restrict access to certain pages of your website. Thus, the access to a page, to a set of pages or even to the whole site will be restricted by a password.
Webflow data recorded
Registering your data is also a way to protect your site and to design safely. First of all, saving is automatic in the Webflow designer mode. Each modification is therefore saved in the Webflow servers and via a ctrl + Z you can easily go back.
In addition to going back in time during development, Webflow also saves the entire history of your website. You will be able to easily go back to a previous date to restore your site if needed.
Webflow Security Contact
If you have any questions about the security of Webflow sites, we invite you to contact a member of the Digidop team or directly the Webflow specialized support at the following address: security@webflow.com
For more information you can always consult the Webflow security policy.
Protection of your users' data, protection of your personal data, protection of your website and data history, Webflow is a fully secured website creation tool. Webflow incorporates the best security practices for your website, and we are continually updating this article to keep you informed of the latest Webflow security methods.