Streaming live at 10am (PST)

Safe From Hacking? Use Sucuri?

#1

How safe is web flow from being hacked? Does using a service like sucuri make sense for a webflow website?

Web Application Firewall
#2

Here is a blog post about Webflow hosting:

tl;dr - All Webflow sites are backed up on Amazon Web Servers and inherit that level of security. Sites are also served through a secure content delivery network at Fastly.com

So, to answer your question, no. You wouldn’t need Sucuri or any other third-party security.

Hope this helps :slight_smile:

1 Like
#3

Thank you PixelGeek… I recently had a wordpress site hacked, and I was recommended I use Sucuri to resolve that issue. Is webflow less vulnerable to hacks because they don’t use third party plugins?

#4

Is webflow less vulnerable to hacks because they don’t use third party plugins?

exactly :slight_smile: however, you still have the option to add your own custom code, but thats up to you. Many things that you normally rely on on WordPress is already in Webflow.

More info here:

1 Like
#5

Thank you these are great reads. I read that webflow also provides firewalls for our safety. Does that mean that having sucuri put up a firewall is essentially useless because Webflow already has one? thank you!

#6

@Samir - As a user, there is no access to the backend scripting or database infrastructure directly. You can only make changes to your content and cms collections, and site settings via the designer app or through the API. So the back end is walled off. I can’t speak to the architecture behind the scenes, since it is not visible nor are the details published.

This is a completely different model then what Sucuri is designed to “protect”.

If I HAVE TO support a WordPress site, at a minimum, I would be running it on a locked down server, using an OS I managed, with a protected kernel, with only the versions of apps I compiled and installed, behind an application firewall, behind a network firewall with load balancing, proxied by Cloudflare with security on strict, with the most current version of WP, and with NO THIRD PARTY WP MODULES. Now there are plenty of designers who say that’s overkill. They just have not been hacked yet (that they are aware of).

Of course, that is why it’s never a good idea to leave security up to designers and website developers. With webflow, you don’t have to concentrate on that. Just saying.

1 Like