Keeping Your Squarespace Site Secure

Keeping it simple and secure.

Squarespace covers most of the security for you. Your site is on their servers and they have a team that works to keep you safe from malware, hacks to the system and any bugs.

However, people often forget that there are a few ways they can leave their own site open to attack. Here are three things to change:

1. Disable Esc Key Login

This setting is turned on by default, so you are going to want to change it. Pressing Esc while viewing your Squarespace site opens the login page. This means that someone trying to cause your site harm can guess your password and email (even more so if it is the one on your contact page) and log straight into your configuration page. Disabling the shortcut makes getting to your login page an extra step for a hacker, which may cause them to move on. You can disable this shortcut in Advanced Settings.

  1. In the Home Menu, click Settings, and then click Advanced.

  2. Click Escape Key.

  3. Uncheck Enable Login with Escape Key.

  4. Click Save.

2. Your Account Details & Authentication

If you share your account details with others, please stop. Share a contributor invitation instead. By sharing your details and not changing your password frequently you are opening yourself up to attack, whether from a disgruntled past employee or freelancer, or from someone hacking into their emails/system and getting the details. Change your password regularly.

Also, enable two-factor authentication on your account:

  1. Click this link to open Account & Security settings in your Account Dashboard.

  2. Click Two-Factor Authentication.

  3. Next to Authentication App, click Set Up.

  4. Enter your account password, and click Next. If you signed up with a social account, click Continue with [social network] to verify your credentials. 

Feel like someone has been logging in and making small changes? You can check who has logged in and their IP address: in the Home Menu, click Settings, then Billing & Account, then Login History.

3. Make sure that you have your SSL certificate enabled.

This is a tick box for both Google and visitors to your page. The SSL certificate indicates that your site is safe, encrypted and authenticated, and that unauthorised parties can’t alter data transmitted, for instance in a form block submission. To do this:

  • In the Home Menu, click Settings, click Advanced, and then click SSL.

  • Under Security Preference, choose a setting.

  • Choose Secure (Preferred). With this setting, all visitors are redirected to HTTPS, even if they entered the HTTP version in their browser. Sitemaps contain HTTPS links and search engines index the HTTPS version. Unsupported browsers can’t load your site. If you registered or connected a domain on October 24, 2016 or later, your domain is set to Secure by default.