Secure from the core
Thoroughly incorprate security into the platform, giving you protection from the get-go and a safe foundation for your sites viewing.
Secure Software Development Lifecycle
At every step of the development process, we use security best practices-like design and code reviews, threat modeling and penetration tests-to ensure a safe platform.
Safe Data Encryption
Our data in transit encryption uses HTTPS, TLS 1.2+ and automatic SSL, while data at rest uses AES-256- the strongest encryption standard commercially available.
Secure Payments & Anti-Fraud
All WIX sites are compliant with the highest Payment Card Industry Data Standards, supported by anti-fraud protection, to safeguard payment info and protect transactions.
Third-Party Risk Management
Third-party services help provide an optimal experience, but can pose vulnerabilities. WIX operates a strict TPRM Program to ensure vendors align with our security standard.
We keep a vigilant watch over our platform, gathering real-time insights to detect any threats so you can keep focusing on your business.
Wix immediately detects and responds to denial of service attacks, making sure your site stays resilient and available.
SOC & SIEM
Our experts in the Security Operations Center work 24/7/365 with advanced system information and events monitoring to detect and respond to threats, faster.
We invest in using top-notch tools and technologies to achieve high visibility of our security posture, so we can keep operations secure across our entire platform.
Data Analysis & ML
This innovation, signature approach uses machine learning to detect pattern changes and suspicious activity, in order to block any attempted misuse of your account, data or site.
Bug Bounty Program
We go the extra mile by inviting independent security researchers to try and "hack" our platform, rewarding them for discovering any vulnerabilities that could affect you.
Protection when you need it most
The success depends on its availability and continuity.
That is why WIX designs response plans to keep things running, in any situation.
In case of emergency, our dedicated IR team is highly trained to establish a plan of action and rapidly respond to cyber security threats.
Business Continuation Plan
To ensure secure WIX operations during potential disruptive events, our teams have a BCP that outlines steps for reliable continuation and smooth recovery.
Periodic Training & Simulations
We perform regular BCP simulations to prepare each of our teams for quick action, so you can continue to run your business-uninterrupted.
Wix is committed to the highest international privacy and security regulations. Our website security certificates include PCI DSS Level 1, Soc 2 Type 2 and several ISOs, and we’re compliant with GDPR, CCPA, LGPD.
Physical data security
WIX world-leading data center providers meet the top standards for physical, environmental & hosting controls.
Why is website security important?
Website security is essential to protect you from DDoS attacks, malware and other cyber security threats. These threats attempt to gain access and use confidential information from you and other visitors.
At WIX, security is built into the processes and platform, complemented by 24/7 monitoring to detect vulnerabilities. They are constantly upgrading the security protocols and practices in order to keep the websites and your personal information protected.
How can I make sure Wix website interactions and sites are secure?
WIX provides several security options to help make sure your viewing and sites are safe. We recommend adding an extra layer of protection to your login by enabling 2-step verification through email, SMS or third-party authentication app. We also encourage users to create tough-to-break passwords with multiple characters and symbols.
For content management security, Roles & Permissions for others collaborating gives control over the data they have access to. Single sign-on and site members validation for site visitors!
Wix supports Facebook and Google SSO for individuals, and OpenID Connect protocol for enterprises
How does Wix protect site visitors data?
Information Security and the protection of user and site visitor data is of the highest priority at Wix. The Wix Security team uses an Information Security Program based on international best practices, and it is constantly evolving to address emerging threats. We also implement data encryption using HTTPS, TLS 1.2 and above, and SSL.
Wix software engineers develop our platform with a security by design approach, which means they keep security and privacy top of mind throughout all design phases. Wix seeks to add as many default and out-of-box security boundaries to its systems as possible, in order to reduce the probability of vulnerabilities and to support secure development.
All Wix sites come with an SSL certificate. You can read more about SSL and HTTPS here.
How does Wix protect my payments and transactions?
We maintain PCI DSS Level 1 certification, the highest Payment Card Industry Data Security Standard. Wix regularly monitors its systems for possible vulnerabilities and attacks, and seeks new third-party services to help maintain the security of our platform and privacy of user data. We also use an innovative combination of data analysis and machine learning to help protect you and your site visitors from possible fraud activities.
Who is in charge of security at WIX?
Wix has a dedicated security team made of industry-leading experts. There is also support and perspective of external independent researchers through initiatives such as Bug Bounty Program.
The security team is tasked with maintaining the company's defense systems, developing security review processes, building a security infrastructure and constantly monitoring and optimizing our security solutions, so users can focus on running their businesses.
How can I contact Wix about website security?
Wix takes security issues very seriously, and are committed to protecting your data and that of site visitors. If you have any questions, you can contact the Wix Security Team at firstname.lastname@example.org. Learn more