Streaming live at 10am (PST)

Can Webflow improve access security and permissions control?

Editor accounts vulnerability

  • Editor accounts do not have 2FA.
  • No log-in or access records of Editors as well.

Team plan lacks access control function

  • Team plan members share the same access right to all folders and projects.
    Inviting external designers and developers exposes huge vulnerability risks.
  • Transferring a site away for development is not appropriate in many cases. It does not protect the client’s interest and property ownership. This way is not ideal for any live site as well.
  • As an agency, we cannot provide “Designer” to a client by adding them as a team member, as that will expose all other projects under our account.

Some similar post mentioned this before, like this one:
Inviting developer to work on my site without creating Team

On Wishlist:
Granular permissions (per team or per project) | Webflow Wishlist
Webflow Wishlist

1 Like

Also, compare to Wix, it looks like Webflow falls behind regarding security compliances and transparency:

https://www.wix.com/website-security/whitepaper

https://support.wix.com/en/article/security-of-wixs-billing-services-and-pci-compliance

I love the transparency.

Very much agree that all of these points are actual issues that WF should improve.

After some years of being with WF the Editor side of things has hardly received any upgrade in functionality – and as time passes, the impression it makes seems more and more rudimentary. In fact, these features that used to be there have been removed:

• Ability to see which other user is currently logged on – was kind of helpful if Publish makes anyone’s changes live
• Ability to edit link blocks

I try to sell this to clients telling them that the beauty is that it’s dead simple to use. Then I’ve got to start talking about its limitations … and the last potential client opted for someone else’s Wordpress proposal…

2 Likes