THREAT PREVENTION
Secure from the core
We thoroughly incorporate security into our platform, giving you protection from the get-go and a safe foundation for your sites.
Secure Software Development Lifecycle
At every step of the development process, we use security best practices—like design and code reviews, threat modeling and penetration tests—to ensure a safe platform.
Safe Data Encryption
Our data in transit encryption uses HTTPS, TLS 1.2+ and automatic SSL, while data at rest uses AES-256—the strongest encryption standard commercially available.
Secure Payments & Anti-Fraud
All Wix sites are compliant with the highest Payment Card Industry Data Standards, supported by anti-fraud protection, to safeguard payment info and protect transactions.
Third-Party Risk Management
Third-party services help provide an optimal experience, but can pose vulnerabilities. Wix operates a strict TPRM Program to ensure vendors align with our security standard.
REAL-TIME DETECTION
Around-the-clock monitoring
We keep a vigilant watch over our platform, gathering real-time insights to detect any threats so you can keep focusing on your business.
Anti-DDoS Protection
Wix immediately detects and responds to Distributed Denial of Service attacks, making sure your site stays resilient and available.
SOC & SIEM
Our experts in the Security Operations Center work 24/7/365 with advanced System Information and Events Monitoring to detect and respond to threats, faster.
Security Visibility
We invest in using top-notch tools and technologies to achieve high visibility of our security posture, so we can keep operations secure across our entire platform.
Data Analysis & Machine Learning
This innovative, signature approach uses machine learning to detect pattern changes and suspicious activity, in order to block any attempted misuse of your account, data or site.
Bug Bounty Program
We go the extra mile by inviting independent security researchers to try and “hack” our platform, rewarding them for discovering any vulnerabilities that could affect you.
RAPID RESPONSE
Protection when you need it most
The success of your business depends on its availability and continuity. That’s why Wix designs response plans to keep your business up and running, in any situation.
Incident Response
In case of emergency, our dedicated IR team is highly trained to establish a plan of action and rapidly respond to cyber security threats.
Business Continuation Plan (BCP)
To ensure secure Wix operations during potential disruptive events, our teams have a BCP that outlines steps for reliable continuation and smooth recovery.
Periodic Training & Simulations
We perform regular BCP simulations to prepare each of our teams for quick action, so you can continue to run your business—uninterrupted.
Compliance
and certifications
Wix is committed to the highest international privacy and security regulations. Our website security certificates include PCI DSS Level 1, Soc 2 Type 2 and several ISOs, and we’re compliant with GDPR, CCPA, LGPD.
Physical data security
Our world-leading data center providers meet the top standards for physical, environmental & hosting controls.
FAQ
Why is website security important?
Website security is essential to protect your site from DDoS attacks, malware and other cyber security threats. These threats attempt to gain access and use confidential information from both you and your visitors.
At Wix, security is built into our processes and platform, complemented by 24/7 monitoring to detect vulnerabilities. We’re constantly upgrading our security protocols and practices in order to keep your sites and business protected.
How can I make sure my Wix account and sites are secure?
Wix provides several security options to help make sure your account and sites are safe. We recommend adding an extra layer of protection to your login by enabling 2-step verification through email, SMS or third-party authentication app. We also encourage users to create tough-to-break passwords with multiple characters and symbols.
For content management security, you can set Roles & Permissions for others collaborating on creating your site, giving you control over the data they have access to. You can also choose to allow single sign-on and site members validation for site visitors. Wix supports Facebook and Google SSO for individuals, and OpenID Connect protocol for enterprises.
How does Wix protect my site visitors’ data?
Information Security and the protection of user and site visitor data is of the highest priority at Wix. The Wix Security team uses an Information Security Program based on international best practices, and it’s constantly evolving to address emerging threats. We also implement data encryption using HTTPS, TLS 1.2 and above, and SSL.
Wix software engineers develop our platform with a security by design approach, which means they keep security and privacy top of mind throughout all design phases. Wix seeks to add as many default and out-of-the-box security boundaries to its systems as possible, in order to reduce the probability of vulnerabilities and to support secure development.
All Wix sites come with an SSL certificate. You can read more about SSL and HTTPS here.
How does Wix protect my payments and transactions?
We maintain PCI DSS Level 1 certification, the highest Payment Card Industry Data Security Standard. Wix regularly monitors its systems for possible vulnerabilities and attacks, and seeks new third-party services to help maintain the security of our platform and privacy of user data. We also use an innovative combination of data analysis and machine learning to help protect you and your site visitors from possible fraud activities. This same Wix infrastructure that incorporates security from the initial development of our products includes multi-cloud ecommerce hosting that helps improve page performance and speed.
Who’s in charge of security at Wix?
Wix has a dedicated security team made of industry-leading experts. We also get the support and perspective of external independent researchers through initiatives such as our Bug Bounty Program.
Our security team is tasked with maintaining the company’s defense systems, developing security review processes, building a security infrastructure and constantly monitoring and optimizing our security solutions, so users can focus on running their businesses.
How can I contact Wix about website security?
We take security issues very seriously, and are committed to protecting your data and that of your clients and site visitors. If you have any questions, you can contact the Wix Security team at security-report@wix.com. Learn more