Streaming live at 10am (PST)

How we can protect our Webflow sites against bad actors / blocking IPs

I was recently reading about Ad Fraud and have been concerned about possible website traffic coming to my Webflow sites from potential advertising efforts.

I would like to know if Webflow will be pursuing efforts to protect Webflow users’ sites from bad actors including options such as:

  • Blocking IPs from specific visitors, regions, and countries entirely
  • Allowing access to .htaccess for further blocking of servers and bots
  • Tutorials on robots.txt usage
  • Providing more education on securing the sites in general and protecting from malicious behavior

What ways can we approach our site security to ensure we have control of how it’s being used?

This is pretty important. I’m surprised that Webflow has not answered this question? They should be all over this.

1 Like

Perhaps the amount of actual happenings of the said fraud is negligible, and wf devs have their hands full already. My guess anyway.

Edit: I mean this happening to the wf hosted sites.

You may be correct. I’m sure as the platform grows especially with e-comm that this is a small issue.

It would be good to know if countries can be blocked from accessing your web site. I simply will not be selling to certain areas and it would be nice to avoid the traffic.

1 Like

I think it’s a good topic to discuss and could help provide good privacy / accessibility features.

The goal is to build in more control over the server side access to Webflow sites from the user side. So for example, if a big news organization builds their website on Webflow and a bad actor starts committing cybercrime such as a DDOS then that news organization could take steps (provided by Webflow) to protect themselves.

I think it’s only fair that Webflow would extend that control to the user so they can assign an officer similar to the DPO - Data Protection Officer. In this case, the CISO - Chief Information Security Officer.

I think it’s healthy to have a “Security” tab where some of these features could be built.

1 Like

Hey Webflow team, how do I handle a bot crushing our site?
If we can’t control it ourselves (DNS scares me too) can we leave a request?
Help, this is costing us cash as we’re paid on total visits from some other services.

Are you running your WF site though cloudflaire?