Why Squarespace Is the Best Choice for a Secure Website

Warning: This is not fun reading (although I try to make everything fun), but it’s important. I’ve tried to keep this short, so I’ve included links to other websites that will go into more detail if you are interested in the technical stuff.

 

Is this you?:

β€œI know website security is important, but I don’t know why and I really just want someone who does know to manage it for me.”

If you have a WordPress site, you will have to do some research, manage this yourself, or pay someone else to do it for you…period. You can do a Google search and find lots of articles about how easy it is to implement safeguards to keep your WordPress website safe. In all scenarios, it means more work and/or money for you.

Do you know what’s even easier than that? Doing nothing and feeling confident that your website is safe. That’s the scenario if you choose a Squarespace website.

With Squarespace, you can rest assured that your website and domain are safe. What better scenario is there than having an entire team of experts managing security behind the scenes while you do…nothing. And it doesn’t cost extra!

In fact, the most you will ever have to do to learn about website security is read this blog post that hits the high points and pull the trigger on a Squarespace website. One and done…my favorite execution method.

This is one of many reasons people switch from WordPress to Squarespace.


Why is website security so important? What’s the worst that can happen?

 

As the owner of a website, your main concern is being the victim of a cyberattack.

Cyberattacks can impact both the website owner and visitor.

Simply put, a cyberattack is β€œan attempt to gain illegal access to a computer or computer system for the purpose of causing damage or harm.” (Thank you Merriam-Webster for that simple definition).

There are many ways a cyberattacker can hack your website. Here are some definitions and methods used by cybercriminals. In the interest of simplicity, all definitions are derived from Merriam-Webster.com (MW) or wikipedia.com (W).

 

6 Common Ways a Cyberattacker Can Hack Your Website

 
  1. Distributed Denial-of-service (DDoS): β€œAn attempt to interfere with the normal operations of an online service (such as a website or app) by overwhelming it with repeated automated requests for data from multiple sources.” (MW) Typically, this is accomplished by flooding your website with an army of β€œbots.”

  2. Malware: β€œSoftware designed to interfere with a computer's normal functioning.” (MW) Types of malware include worms, trojans, spyware, and keyloggers. This type of attack is common with WordPress.

  3. Phishing: β€œA scam by which an Internet user is duped (as by a deceptive email message) into revealing personal or confidential information which the scammer can use illicitly.” (MW)

  4. SQL Injection: β€œSQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.” (W) This allows an attacker to access information in the backend of your website that wasn’t intended to be displayed, like customer or company data. This type of attack is common with WordPress.

  5. Man-in-the-middle attack: β€œA cyber-attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.” (W) These mostly occur on unsecured public Wi-Fi networks.

  6. Brute force attack: β€œconsists of an attacker submitting many passwords or passphrases with the hope of eventually guessing a combination correctly.” (W) This type of attack is common with WordPress because, by default, they don’t limit the number of login attempts.


How will Squarespace protect my website?

When I asked a Squarespace support technician how Squarespace secures its websites and domains, the technician (Davide) was extremely helpful.

These were the details he provided. I’m including definitions since I had to look them up myself πŸ˜‰ .

 

7 Ways Squarespace Protects Your Website and Domain

 
  1. Squarespace has a dedicated security team comprised of security engineers and GRC professionals. The team employs security controls and monitors our environments to ensure we're aligned with security best practices and Squarespace policy.

    • GRC (Governance, risk management, and compliance) Professional: β€œA GRCP Professional is someone who spends substantial time helping an organization achieve principled performance by leading, planning, performing, enabling, integrating or auditing governance, strategy, performance management, risk management, internal control, compliance or ethics activities.” From oceg.org.

  2. Squarespace undergoes annual assessments to maintain its PCI DSS compliance.

    • β€œThe Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.” From digitalguardian.com

  3. Squarespace regularly performs security scanning of their network.

  4. Squarespace uses a number of tools to guard against Cross-Site Scripting (XSS), SQL injections (defined above), and other potential vulnerabilities.

    • Cross-Site Scripting (XSS): β€œCross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.” From owasp.org. With this kind of attack, the code is executed in the user’s browser and the attacker can essentially assume the identity of the user and hijack their account. It is common in forums, message boards, blogs, and visitor comment fields. This type of attack is common with WordPress.

  5. Squarespace uses network hardware from industry-leading vendors for protection against intruders, employs a variety of dynamic threat mitigation techniques, and implements measures to protect against denial of service (and DDoS) attacks. (DDoS is defined above).

  6. Services are redundant at all tiers.

  7. All domains correctly added to your Squarespace site are automatically protected with free SSL certificates to improve security. SSL secures connections and prevents hackers from impersonating you or stealing visitors' information.


What is an SSL certificate and how does it protect my domain?

 

An SSL, or β€˜Secure Sockets Layer’ certificate is an identity certificate that enables encrypted communication between your visitors’ browsers and your website’s server.

With an SSL certificate, any information shared by a visitor can only be read and interpreted by the server it is being sent to, warding off hackers and identity thieves.

In simple terms, it ensures a private interaction between a browser (your website visitor) and the Squarespace server hosting your Squarespace website.

It shows your visitors that your website isn’t bogus and encrypts the data being transmitted from your visitors so it can’t be hacked.

The β€˜S’ that appears at the end of β€˜HTTPS’ in the visitor’s web browser as well as the little lock πŸ”’ that appears next to it is the indication to your visitors that you have have an SSL certificate and that the information they share over the website is safe.

 
 

How do I enable an SSL certificate on my Squarespace website?

SSL is automatically enabled, you just need to choose your SSL settings. Easy peasy!

 
 
 
1. In your home menu select 'Settings'
 
 
 
2. Scroll all the way to the
bottom and select 'Advanced'
 
 
3. Choose 'SSL'
 
4. Choose these settings
 
5. Select 'save' at the top
 
 

Seriously, it’s that easy.


In conclusion…

I may be a little biased, but to me, this one is a no-brainer.

Do you have any comments or feedback? Have you experienced the horrors of a hacked website and made the switch to Squarespace? I’d love to hear about it in the comments below. πŸ‘‡

 
 

My Insta

@jenxwebdesign

Jennifer Barden

This article was written by Jennifer Barden, founder of Jen-X Website Design and Strategy.

Many Squarespacers feel defeated when their websites don’t attract and engage visitors.

In my blog, I share my secrets for effective Squarespace website design and strategy so that DIYers and Squarespace Website Designers can learn tips for building Squarespace websites that attract and engage the right visitors.

https://jenxwebdesign.com
Previous
Previous

My 3 Favorite (Free) Online Blogging Tools for Better Blog Posts

Next
Next

USA Legal Requirements and Recommendations You Need on Your Website