top of page
A sample website homepage shows green, cube-shaped hanging light fixtures on an purple and gray background with headline "Spotlight on You". The site is surrounded by icons that convey security including a shield, a PCI-DSS label, and a cloud that says "SSO".

Your security, our priority.

With security at our core, we provide our 220M+ users with fully managed, 24/7 site protection so they can run their businesses with peace of mind.

Comprehensive security framework

Wix’s corporate security mindset and strategy are guided by our three-pillar security approach. This framework helps ensure thorough protection of data confidentiality, integrity and availability.

Wix stays at the forefront of threat prevention. We thoroughly incorporate security into our platform, giving sites a safe foundation and protection from the get-go.

SSDLC

At every step of the development process, we use security best practices—like design and code reviews, threat modeling and penetration tests—to ensure a safe platform.

Safe Data Encryption

Our data in transit encryption uses HTTPS, TLS 1.2+ and automatic SSL, while data at rest uses AES-256. Our high-security PCI environment uses a FIPS 140-2-certified HSM.

Secure Payments & Anti-Fraud

All Wix sites are compliant with the highest Payment Card Industry Data Standards, supported by anti-fraud protection, to safeguard payment info and protect transactions.

Third-Party Risk Management

To help protect client and site safety in working with third-party services, Wix operates a strict TPRM Program to ensure vendors align with our security standard.

Compliance
and regulations

We’re committed to your privacy and data protection—and that of your customers. Wix is compliant and certified with the highest international privacy and security regulations, including Soc 2 Type 2, PCI DSS Level 1, several ISOs, GDPR, CCPA and LGPD.

Nine official icons for Wix’s compliance certifications mentioned in the description of this section: Soc 2 Type 2; PCI DSS Level 1; ISO 27001, 27017, 27018, and 27701; GDPR, CCPA and LGPD.

Physical data security

We’re hosted by world-leading DC providers AWS, Google Cloud Platform and Equinix, which all comply with the highest industry standards for physical, environmental and hosting controls.

Google Cloud official logo.
A.W.S. official logo.
Equinix official logo.

The Wix Bug Bounty Program

When it comes to our users’ safety, we go the extra mile. Wix invites independent security researchers to try and “hack” our platform for a reward, collaborating with some of the world’s best in the field to identify and address platform vulnerabilities—early and proactively.

A small pie chart in green, purple and black labeled “Resolved Reports,” “Informative Reports” and “Duplicate Reports” is in a white box, displayed over sample secure code on a black background.

Account security

Our account security features give users extra protection and capabilities.

SSO

Wix supports Facebook and Google SSO for individual users, and OpenID Connect protocol for enterprises.

2FA

We offer two-factor authentication via email, SMS or authenticator app so users can add a layer of protection to their account.

Roles & Permissions

Site owners can invite others to collaborate on their site, and control which tasks and data they can access.

Site Member Validation

Users with membership sites can choose to validate new members via email verification.

Email Verification

All new users must confirm their email address after signing up, and can update it at any time from Account Settings.

Password Strength Indicator

We encourage users to create tough-to-break passwords with multiple characters and symbols to help secure their accounts.

Our security culture

“We’ve created a team of the best infosec people, coupled with high-end technology and robust processes, to manage data and flows at a large scale and always keep our eye on the ball.”

Israel Rachmani, CISO at Wix

Security team

Our world-class experts work around the clock to provide users with state-of-the-art security for their sites and data. The team maintains defense systems, conducts security reviews and provides consulting to product teams in order to help create a secure online environment.

Employee training

As part of our commitment to keep users' information safe and secure, employees undergo both general and role -specific security training. From emerging threats to phishing awareness, we keep personnel informed and up to date with the current security landscape.

FAQ

Find answers to the most searched questions about security, reliability and privacy.

Contact us

Browse articles, watch tutorials or contact Customer Care for more support.

Prvention
Detection
Response
bottom of page