Security is a top priority at Webflow, and we implement various internal security and application security protocols to protect your account and site data.
To secure your account and sites, we suggest following these recommended practices:
- Utilize a robust account password
- Implement either two-factor authentication or Single Sign-On
- Avoid disclosing your Webflow account or email address
- Confirm ownership of your domain
- Steer clear of phishing and smishing scams
- Adjust your creator profile privacy settings
- Regularly update your browser and operating system
Create a strong account password
Important: Under no circumstances should you share your Webflow login credentials with others. Ensure that your passwords and other authentication details (e.g., two-factor authentication codes) are kept confidential. Instead of sharing your account with team members or clients, consider utilizing Workspace plans for collaboration.
When creating a secure password for your account, it is recommended to:
- Use a unique password
- Incorporate a combination of uppercase and lowercase letters, numbers, and special characters
Avoid:
- Reusing passwords used for other services
- Including personal information such as your birthday or name
- Using common, easily guessed words or sequences like
password
,123
, etc.
Further, it is advised to periodically change your password. Whenever you update your password, opt for a new, unique one that you have not used previously.
Pro tip: Employ a password manager to generate and store random, unique passwords. This way, you do not have to recall all your passwords or store them insecurely in documents or spreadsheets.
Utilize two-factor authentication or Single Sign-On
Two-factor authentication (2FA) enhances the security of your account by necessitating a unique authentication code in addition to your account password. This additional layer of protection ensures that unauthorized users cannot access your account with just your password alone. 2FA is accessible to all users, irrespective of the Workspace plan.
For users on Enterprise Workspace plans, enabling Single Sign-On (SSO) streamlines the authentication process by permitting users to log in once using a single set of credentials.
Avoid revealing your Webflow account or email address
Sharing your account or primary email address with another individual is a violation of Webflow’s Terms of Service. To collaborate on sites with team members or clients, consider utilizing Workspace plans. It is your responsibility to safeguard your account credentials and prevent any unauthorized account use. If you suspect or are aware of unauthorized account access, it is imperative to promptly inform Webflow.
Confirm ownership of your domain
In order to publish your Webflow site on a custom domain, you must verify ownership of that domain. This verification process deters domain hijacking by restricting the domain’s use to your site. Find out more about verifying domain ownership.
Prevent phishing and smishing scams
Phishing (email) or smishing (SMS text) scams aim to deceive you into divulging sensitive information such as your account password or payment information. Should you receive a suspicious email or text purportedly from Webflow or a company associated with Webflow, refrain from responding, clicking on any embedded links, or downloading any attachments.
Common indicators of a phishing email or smishing text include:
- Urgent requests (e.g., “Your plan will be terminated in 3 days due to payment processing failure,” etc.)
- Fictitious email addresses – verify the actual address, not just the display name
- Links that do not lead to Webflow’s official sites – official domains include but are not limited to: webflow.com, university.webflow.com, etc.
If you have clicked on a link or downloaded an attachment from a suspicious email or text, change your password immediately, monitor your bank account for any unauthorized or fraudulent transactions, and report the email to your email service provider. If uncertain about the legitimacy of an email claiming to be from Webflow, reach out to our support team with relevant information (e.g., email screenshots, sender’s email address, etc.).
Webflow will never request sensitive details like payment information (including card and bank account numbers), account passwords, social security numbers, etc., via email.
Adjust your creator profile privacy settings
Your creator profile serves as a customizable public page where you can showcase information about yourself and your Made in Webflow projects. Ensure that your profile settings align with your privacy preferences. If your profile is public, only include information you are comfortable sharing publicly.
Maintain your browser and operating system up to date
Regularly update your browser and operating system to benefit from new security enhancements and patches introduced with each release. Setting your browser and operating system to auto-update ensures you are consistently using the latest versions.
Explore more about Webflow’s security measures.
- Include or eliminate Workspace spots and members - April 15, 2024
- Centering box summary - April 15, 2024
- Store a site for future reference - April 15, 2024