THREAT PREVENTION
Secure from the core
Security is woven into the platform by design, so you automatically build on a safe foundation and give every client protection from the get-go.
Secure software development
At every step of the development process, we use security best practices—like design and code reviews, threat modeling and penetration tests—to ensure a safe platform.
Safe data encryption
Our data in transit encryption uses HTTPS, TLS 1.2+ and automatic SSL, while data at rest uses AES-256—the strongest encryption standard commercially available.
Secure payments & anti-fraud
All Wix Studio sites are compliant with the highest Payment Card Industry Data Standards (PCI DSS), supported by anti-fraud protection, to safeguard payment info and protect transactions.
Third-party risk management
Wix Studio operates a strict TPRM Program, including ongoing assessments, to ensure vendors align with our security standard.
REAL-TIME DETECTION
Around-the-clock monitoring
We keep a vigilant watch over our platform, gathering real-time insights to detect threats—so you and your clients can keep your focus where it counts.
SOC & SIEM
Our experts in the Security Operations Center work 24/7/365 with advanced system information and events monitoring to detect and respond to threats, faster.
Anti-DDoS
protection
Immediate detection and response to DDoS attacks means your clients’ sites stay resilient and available.
Security
visibility
We invest in best-in-class tools and technologies to achieve high visibility of our security posture, so we can keep operations secure across our entire platform.
Data analysis & ML
This innovative, signature approach uses machine learning to detect pattern changes and suspicious activity, in order to block any attempted misuse of your client’s account, data or site.
Bug Bounty
program
We work closely with independent security researchers to detect and address any vulnerabilities in our platform.
RAPID RESPONSE
Protection when your clients need it most
The success of any website depends on its availability and continuity. That’s why our response plans are designed to keep your clients’ sites up and running, in any situation.
Incident response
In case of emergency, our dedicated IR team is highly trained to establish a plan of action and rapidly respond to cybersecurity threats.
Business continuation plan
To ensure secure Wix Studio operations during potential disruptive events, our teams have a BCP that outlines steps for reliable continuation and smooth recovery.
Periodic training & simulations
We perform regular BCP simulations to prepare each of our teams for quick action, so you can continue to run your business—uninterrupted.
Physical data security
Our world-leading data center providers meet the top standards for physical, environmental and hosting controls.
Account security
Our account security features give you and your clients extra protection and capabilities.
SSO
Wix Studio supports Facebook and Google SSO for individual users, and OpenID Connect protocol for enterprises.
2FA
We offer two-factor authentication via email, SMS, phone call or authenticator app so users can add a layer of protection to their account.
Login activity log
Users can review their account login activity and change the password or log out of all devices if they see a device they don’t recognize.
Roles & permissions
Site owners can invite others to collaborate on their site, and control which tasks and data they can access.
Site Member validation
Users with membership sites can choose to validate new members via email verification.
Email verification
All new users must confirm their email address after signing up, and can update it at any time from Account Settings.
