Whether you run an ecommerce store or a nonprofit, security and privacy are top concerns. You want to ensure sensitive data (yours and your customers') is protected, financial transactions are secure, and your website is not taken offline by DDoS (Distributed Denial-of-Service) and other malicious attacks.

In my last blog post, I talked about the importance of secure communications. Emailing, calling, and texting are all part of your business's overall security picture. There are also essential tasks and tools that keep your website secure, including HTTPS, SSL certificates, DDoS protections, and PCI-DSS (payment card industry data security standard) compliance. Sound complicated? It is! Most small business owners choose to outsource website security. There are two ways to do this:

Open Source Website Builders Like WordPress

WordPress is the most popular website builder in the world. Because it's open source, customization options are practically infinite. It works best for large organizations with a dedicated team of web development and cybersecurity experts. It can also work for bloggers and other creators with simple needs and few security concerns. While WordPress itself is free, security features and updates are not automatic. There is time and expertise involved in installing and updating security plugins. If you or someone you hire does not regularly do this, your site can fall prey to cyberattacks.

All-Inclusive Website Builders like Wix and SquareSpace

At TAO Websites, our passion is design: making your website pleasing to look at, easy to use, and goal-focused. Therefore, we work primarily with website platforms that offer built-in security and other features at a low* monthly cost. You can get a free trial with SquareSpace or publish a site for free with Wix, but most businesses will need at least a basic paid plan.

SquareSpace and Wix both:

• Are designed for ecommerce. Online stores are key market segments for both SquareSpace and Wix. Accordingly, they both are compliant with PCI-DSS, the current standard for credit card transactions. Both are deeply invested in protecting their reputations as ecommerce platforms. Wix notes that they use an "innovative combination of data analysis and machine learning to help protect you and your site visitors from possible fraud activities."

• Include key security features with their basic plans. All Wix and Squarespace sites include data encyption standards like HTTPS, TLS 1.2 and above, and SSL.

• Monitor for threats and vulnerabilities 24/7. Your Wix or SquareSpace site is hosted on these companies' servers. Security updates happen continuously, inconspicuously, and automatically. Wix and Squarespace employ dedicated, expert cybersecurity teams.

Below is a Wix promotional video that goes into more detail about their security initiatives.

Security Practices for All Site Owners

Whatever website builder you choose, there are some easy, basic steps you should always follow:

• Use strong passwords and two-factor authentication. Wix, SquareSpace, and WordPress all offer two-factor authentication to keep hackers from stealing your login information and accessing your account. Make sure it's turned on. An example of two-factor authentication is getting a code via text if you try to login on your computer.

• Be careful who accesses your account.

  • If you hire a designer, SEO expert, or developer, be sure to check their credentials before giving them access to your site. Can you find reviews for them on Google or another platform? For example, you can see that TAO Websites has been in business for several years and past customers are satisfied. Wix and Squarespace both offer directories of designers who have gone through at least some level of vetting. TAO Websites is listed on both the Wix and Squarespace Marketplaces.

  • It's also important to be wary of the third-party extensions and apps you install. These can be malicious or have security vulnerabilities. Wix says they ensure vendors align with their security standards, but that's not true of all platforms.

  • If you do collaborate with others on your account, you can customize the roles and permissions you give them, rather than giving them full access.

This concludes my high-level overview of how to build a private and secure website. Ready to get started? Reach out to us today to learn more about the pros and cons of Wix and SquareSpace.

*Rates for Wix websites are currently $17-$159/month, depending on features. Squarespace Plans are $16-99/month. Most freelance developers charge the equivalent of a higher end plan . . . per hour.