Why Squarespace Is the Best Choice for a Secure Website
Warning: This is not fun reading (although I try to make everything fun), but itβs important. Iβve tried to keep this short, so Iβve included links to other websites that will go into more detail if you are interested in the technical stuff.
Is this you?:
βI know website security is important, but I donβt know why and I really just want someone who does know to manage it for me.β
If you have a WordPress site, you will have to do some research, manage this yourself, or pay someone else to do it for youβ¦period. You can do a Google search and find lots of articles about how easy it is to implement safeguards to keep your WordPress website safe. In all scenarios, it means more work and/or money for you.
Do you know whatβs even easier than that? Doing nothing and feeling confident that your website is safe. Thatβs the scenario if you choose a Squarespace website.
With Squarespace, you can rest assured that your website and domain are safe. What better scenario is there than having an entire team of experts managing security behind the scenes while you doβ¦nothing. And it doesnβt cost extra!
In fact, the most you will ever have to do to learn about website security is read this blog post that hits the high points and pull the trigger on a Squarespace website. One and doneβ¦my favorite execution method.
This is one of many reasons people switch from WordPress to Squarespace.
Why is website security so important? Whatβs the worst that can happen?
As the owner of a website, your main concern is being the victim of a cyberattack.
Cyberattacks can impact both the website owner and visitor.
Simply put, a cyberattack is βan attempt to gain illegal access to a computer or computer system for the purpose of causing damage or harm.β (Thank you Merriam-Webster for that simple definition).
There are many ways a cyberattacker can hack your website. Here are some definitions and methods used by cybercriminals. In the interest of simplicity, all definitions are derived from Merriam-Webster.com (MW) or wikipedia.com (W).
6 Common Ways a Cyberattacker Can Hack Your Website
Distributed Denial-of-service (DDoS): βAn attempt to interfere with the normal operations of an online service (such as a website or app) by overwhelming it with repeated automated requests for data from multiple sources.β (MW) Typically, this is accomplished by flooding your website with an army of βbots.β
Malware: βSoftware designed to interfere with a computer's normal functioning.β (MW) Types of malware include worms, trojans, spyware, and keyloggers. This type of attack is common with WordPress.
Phishing: βA scam by which an Internet user is duped (as by a deceptive email message) into revealing personal or confidential information which the scammer can use illicitly.β (MW)
SQL Injection: βSQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.β (W) This allows an attacker to access information in the backend of your website that wasnβt intended to be displayed, like customer or company data. This type of attack is common with WordPress.
Man-in-the-middle attack: βA cyber-attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.β (W) These mostly occur on unsecured public Wi-Fi networks.
Brute force attack: βconsists of an attacker submitting many passwords or passphrases with the hope of eventually guessing a combination correctly.β (W) This type of attack is common with WordPress because, by default, they donβt limit the number of login attempts.
How will Squarespace protect my website?
When I asked a Squarespace support technician how Squarespace secures its websites and domains, the technician (Davide) was extremely helpful.
These were the details he provided. Iβm including definitions since I had to look them up myself π .
7 Ways Squarespace Protects Your Website and Domain
Squarespace has a dedicated security team comprised of security engineers and GRC professionals. The team employs security controls and monitors our environments to ensure we're aligned with security best practices and Squarespace policy.
GRC (Governance, risk management, and compliance) Professional: βA GRCP Professional is someone who spends substantial time helping an organization achieve principled performance by leading, planning, performing, enabling, integrating or auditing governance, strategy, performance management, risk management, internal control, compliance or ethics activities.β From oceg.org.
Squarespace undergoes annual assessments to maintain its PCI DSS compliance.
βThe Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.β From digitalguardian.com
Squarespace regularly performs security scanning of their network.
Squarespace uses a number of tools to guard against Cross-Site Scripting (XSS), SQL injections (defined above), and other potential vulnerabilities.
Cross-Site Scripting (XSS): βCross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.β From owasp.org. With this kind of attack, the code is executed in the userβs browser and the attacker can essentially assume the identity of the user and hijack their account. It is common in forums, message boards, blogs, and visitor comment fields. This type of attack is common with WordPress.
Squarespace uses network hardware from industry-leading vendors for protection against intruders, employs a variety of dynamic threat mitigation techniques, and implements measures to protect against denial of service (and DDoS) attacks. (DDoS is defined above).
Services are redundant at all tiers.
All domains correctly added to your Squarespace site are automatically protected with free SSL certificates to improve security. SSL secures connections and prevents hackers from impersonating you or stealing visitors' information.
What is an SSL certificate and how does it protect my domain?
An SSL, or βSecure Sockets Layerβ certificate is an identity certificate that enables encrypted communication between your visitorsβ browsers and your websiteβs server.
With an SSL certificate, any information shared by a visitor can only be read and interpreted by the server it is being sent to, warding off hackers and identity thieves.
In simple terms, it ensures a private interaction between a browser (your website visitor) and the Squarespace server hosting your Squarespace website.
It shows your visitors that your website isnβt bogus and encrypts the data being transmitted from your visitors so it canβt be hacked.
The βSβ that appears at the end of βHTTPSβ in the visitorβs web browser as well as the little lock π that appears next to it is the indication to your visitors that you have have an SSL certificate and that the information they share over the website is safe.
How do I enable an SSL certificate on my Squarespace website?
SSL is automatically enabled, you just need to choose your SSL settings. Easy peasy!
1. In your home menu select 'Settings'
2. Scroll all the way to the
bottom and select 'Advanced'
3. Choose 'SSL'
4. Choose these settings
5. Select 'save' at the top
Seriously, itβs that easy.
In conclusionβ¦
I may be a little biased, but to me, this one is a no-brainer.
Do you have any comments or feedback? Have you experienced the horrors of a hacked website and made the switch to Squarespace? Iβd love to hear about it in the comments below. π
My Insta
@jenxwebdesign
