Webflow security

I have a few questions about security on Webflow and security on websites in general.

I came across an article that listed these problems as the most common security issues a website might have.

  1. SQL injections
  2. XSS attacks
  3. Error messages that may expose vulnerabilities
  4. Lack of validation on both sides (browser and server)
  5. File uploads by users
  6. No https
  7. Bad Domain configuration

My questions are as follows:

  1. What other security problems should one be wary of in addition to those mentioned above?

  2. How does Webflow, by default, protect websites from the threats above and other potential security problems?

  3. What can I, as a Webflow web designer, do to maximize security on my Webflow websites?

  4. What external tools should I use to help protect my websites?

  5. How do all of the above apply when it comes to ecommerce websites? Now that we can build websites where thousands of online shoppers will give out their credit card information, how can I be absolutely certain that I configured an ecommerce correctly and be assured that the ecommerce store is safe and reliable?

Thank you so much!

Hi @mp357. Welcome to the forums.

The article (no reference given) appears to be discussing issues for self-hosted sites using databases and application code. Webflow is a different model.

I am going to summarize this for you, since I don’t have the time to write a 10 page comprehensive detailed response that will arrive at the same conclusion as I will provide here.

You have no access to the core backend. You can only use the designer or editor to work with your site visually or you can use the API to access / edit defined resources. You can’t run application code on your site unless you export it, modify it, and host it yourself.

As for e-commerce, the card transactions happen with the payment processor; currently Stripe.

I have been doing enterprise hosting since the late 90’s and have to fight all these battles constantly. With Webflow, I don’t need to. Neither will you.


Webflow is solid. Not a security issue in 2 years of use. Not the same story on WordPress. We had 2 cases of redirection hacks in 2 years and we see new hacks each week in the news. Last one was targeting WooCommerce.
Webflow as a managed solution offers a way to retrieve your site(s) as you have a company to speak to if you get hacked.

If I'm right, they had a problem with security because there was a bug when you used Google to log into Webflow.

I was referring to XSS attacks on a particular WordPress plugin, no issue with Webflow at all.