How to Improve Security for Your Squarespace Website

Do you know that moment of panic when you realize you may have misplaced your wallet or keys? Website security is similar. You don’t think about it until there's a problem. 

Recently, I had a client whose Squarespace website was hacked. The hacker redirected her website to a gambling site. Because she found out about the issue too late, her website lost SEO authority and rankings. 

Though the issue was caused by her domain account outside of Squarespace, the same could happen within Squarespace. Let’s go through a couple of simple practices to safeguard your website, so you can always have peace of mind.

Squarespace sites, like any website, have the potential to be hacked. All software can have undiscovered security flaws that hackers might exploit. 

In general, Squarespace websites have a high level of security. Squarespace's Security Operations Center monitors for threats and vulnerabilities 24/7. As Squarespace manages everything from servers to codes, their websites tend to be more secure compared to self-hosted WordPress sites. 

The most common cause of Squarespace sites being hacked is human errors. Weak passwords, phishing scams, or accidental misconfiguration can compromise even a secure platform.

Strengthen your website security with four simple steps:

Squarespace enables SSL (that's the padlock icon in your browser bar) by default. Double-check that it's active in your site settings. This encrypts data between your visitors and your site.

You can enable SSL settings by going to Settings > Advanced > SSL. Make sure both Secure and HSTS Secure are checked. 

You should log in with a social account. If you use a password, make sure it utilizes a mix of letters (upper and lowercase), numbers, and symbols, and change your Squarespace password regularly. You can use a password manager to generate and securely store complex passwords.

2FA adds an extra layer of security – even if someone gets your password, they'll need a code sent to your phone to log in.

You can activate this in your Account Settings. In the final step, copy and save the Backup Codes in case you lose access to your phone. 

If your domain is with a third-party provider (eg. GoDaddy), active 2FA in your domain account as well. 

The more admin users your website has, the more chances for security breaches to happen. Limit admin privileges to only those who truly need them. Revoke their access if a collaborator is no longer working on your website. 

You can manage contributors under Settings > Permissions.

If you can still access your account, go in and change your password immediately. Enable 2FA to make sure the hacker can’t get in anymore. 

If you can’t access your account, contact Customer Support. Live chat is usually the quickest method. If it’s outside of business hours, submit an email and they will get back to you within a few hours. 

For recovery after regaining access:

• If it’s your domain from a third-party provider that got hacked, your Squarespace site will still be intact. You only need to establish the domain connection back to Squarespace with DNS or name server. 

• If it’s the Squarespace account that was hacked and the hacker already made edits on your pages, ask Customer Support to see if they have a backup version of your site. If not, you’ll have to recreate the pages. See if you can get an archive of your site’s design on WayBack Machine. 

Conclusion

Proactive measures provide peace of mind and protect your online presence. Though Squarespace offers robust security, proactive steps on your end will make your website even more secure. 

Read Next

• Squarespace Accessibility: 10 Steps to Improve Your Site

• Honest Review of Squarespace SEO

• 10 Clever Ideas to Improve Your Website Instantly