
Are Webflow Websites Secure?


In the past, I've actually heard from customers, as well as from other web designers, that their WordPress website was hacked. For example, certain words on the page were suddenly converted into links, the entire look of the page changed or the performance of the website was completely paralyzed. These could be signs of website hacks.

How does Webflow handle security?

I spent an hour doing just that and recorded a few learnings for you. Nevertheless, I am not a security expert when it comes to websites.

For this, I watched this video by Finsweet. Here is a list of the bullet points I talk about in the video:

What does it mean to make a Webflow website secure?

You hear time and again about weak points in the open-source CMS WordPress. Does the same apply to Webflow? Where are the differences?

  • Webflow generally does a good job when it comes to website security and servers. You can find more information from Webflow itself here: https://webflow.com/security.
  • Here you can check the status of the Webflow servers at any time: https://status.webflow.com.
  • A big difference from WordPress: With Webflow, there is no way to access the backend from the frontend.
  • There is no way to reach the Webflow server from outside. Unlike with WordPress, for example, it is not possible to hack the login to a backend and infect a page or the server behind it with malware.
  • Webflow's hosting infrastructure runs on AWS servers (Amazon Web Services), which in themselves already offer several security features.
  • Webflow is inherently more secure than WordPress. Nevertheless, you always have to be careful when you leave the Webflow infrastructure and, for example, integrate or build external extensions that communicate with Webflow via an API.
  • WordPress is much more widespread than Webflow and is therefore also a popular target for hackers (compare Windows vs. macOS). Of course, this may also change in the future and then there could also be more difficulties with Webflow.

What are Webflow vulnerabilities and when can there be problems with your website?

  • Whenever you integrate an external script into your Webflow website, there can be security issues.
  • Some scripts only add interesting animations, but many extensions also process personal input or form data. These could be functions for member areas (Memberstack), job boards for applications, or the like.
  • Whenever we mix Webflow's functionality with other scripts, something CAN happen. So you need to be sure you can trust these scripts and the developers behind them.

What can happen if a Webflow website is hacked?

If a third party tries to access your Webflow site, this could result in the following issues:

  • Site visitors are simply redirected somewhere else.
  • Your site suddenly looks different from the way you designed it.
  • A login button that you have integrated is hidden and a login button from a third party is displayed instead.
  • A link to another page doesn't redirect you to the page you actually wanted to link to.

How should you handle API interfaces?

You should ONLY give out the API key created by Webflow CMS to really trustworthy persons/companies/software!

What can others do with your Webflow CMS API key?

  • Read a list of all your projects.
  • Read all of your domains.
  • Read and edit all of your CMS collections.
  • Upload images to your asset manager.
  • Read and change all of your e-commerce products or categories.
  • Modify all Webflow e-commerce orders or request refunds.
  • See all webhooks or generate new ones (which could be used to send data to third parties).

Integrate scripts via external servers (CDN) or via your own Webflow server

For example, if you want to use a JavaScript slideshow in your Webflow website, you must integrate the JS code that another developer wrote into your site. Many such extensions recommend quick integration of the JS file via an external CDN server. The advantage is that you always have the latest version of the code integrated into your website. The disadvantage is that this file could also be manipulated.
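One way to check for the CDN risk described above, as an added example (not code from the original post or from Webflow): it lists a page's external scripts, flags third-party ones that carry no Subresource Integrity pin, and computes the pin for a script you have reviewed. The hosts cdn.example.net and files.example.com, the file paths and the script body are constructed placeholders.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_hash(body: bytes) -> str:
    """Subresource Integrity value (sha384) for a reviewed script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


def matches_integrity(body: bytes, integrity: str) -> bool:
    return sri_hash(body) in integrity.split()  # attribute may list several hashes


class _ScriptTags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []  # attribute dicts of <script src=...> tags

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.found.append(attrs)


def audit_scripts(html: str, own_hosts: set) -> list:
    """Flag third-party scripts that carry no integrity pin."""
    parser = _ScriptTags()
    parser.feed(html)
    findings = []
    for attrs in parser.found:
        host = urlparse(attrs["src"]).hostname or ""  # "" means relative URL
        third_party = bool(host) and host not in own_hosts
        unpinned = third_party and not attrs.get("integrity")
        findings.append({"src": attrs["src"], "third_party": third_party,
                         "unpinned": unpinned})
    return findings


# Constructed sample: hosts, paths and script body are made up for illustration.
REVIEWED_JS = b"console.log('slider 1.0.0');"
SAMPLE_HTML = f"""
<script src="https://cdn.example.net/slider/latest/slider.js"></script>
<script src="https://cdn.example.net/slider/1.0.0/slider.js"
        integrity="{sri_hash(REVIEWED_JS)}" crossorigin="anonymous"></script>
<script src="https://files.example.com/slider.txt"></script>
"""
print(*audit_scripts(SAMPLE_HTML, {"files.example.com"}), sep="\n")
```

A pin only makes sense on a versioned URL, because a "latest" file changes by design. The browser refuses to run a pinned script whose content no longer matches the hash.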

Host your own JavaScript files in Webflow

Webflow does not directly allow you to upload JS files to the asset folder. However, you can save the code in a text file (.txt extension) and then upload it to the Webflow documents folder. Then integrate the code in the page settings with a script tag as usual:

<script src="link-zu-deiner-datei.txt"></script>

The .txt file can also be read and processed by the browser. I'll show you exactly how to do that in the following video: