Wix Security

Introduction

Wix.com powers over 250+ million users and companies with the highest priority being their
security, privacy and confidentiality.

When users build and run their site on Wix, their security is fully managed by dedicated security
experts—giving them 24/7 enterprise-grade security, and peace of mind.

The 3 Key principles at the core of security at Wix

Prevention

As cyber attacks are increasing and becoming more sophisticated, we must stay one step
ahead. With a security-oriented mindset, Wix highly invests in the early prevention of potential
threats to keep your site secure.

• Sensitive Data Encryption: Wix sites are served over HTTPS using TLS 1.3, meaning
your sites are SSL-certified and your sensitive site data is secure.

• SSDLC (Secure Software Development Lifecycle): Wix incorporates procedures and
guidelines to secure their development process—including threat modeling, design review,
code review and penetration tests.

• DDoS protection: Wix implements anti-DDoS solutions to prevent an impact and assure
your site remains available.

• Supply Chain: Wix operates a TPRM (Third-Party Risk Management Program) to perform
ongoing security assessments, ensuring vendors are safe to work with.

• Payment Security: All Wix sites are compliant with the highest Payment Card Industry
Data Security Standards (PCI DSS Level 1). Wix provides their users and customers with
secure checkouts and payment methods which protect them from fraud and risk activities.

• Physical Security (AWS, GCS, Equinix): Wix is hosted by world-leading cloud-based DC
providers that comply with the highest industry standards for physical, environmental &
hosting controls.

• Certification & Compliance: Wix is committed to the highest international privacy and
security standards and are aligned with Soc 2 Type 2, PCI DSS Level 1, ISO (27001,
27701, 27018, 27017), GDPR, CCPA and LGPD

Detection

Wix continuously monitors their platform to detect anomalies and threats, delivering real-time
insights needed to maintain a secure environment for users.

• SIEM & SOC – 24/7/365: Wix’s Security Operations Center provides the highest levels of
system monitoring and alerting capabilities for faster detection and response time.

• Visibility: Wix uses innovative tools and powerful technologies to achieve high visibility of
security posture.

• Data analysis & ML (Machine Learning): Wix takes this innovative approach to identify
pattern changes and detect suspicious activities in order to block malicious usage of their
platform.

• Bug Bounty Program: Wix invites independent security researchers to try and “hack” their
platform, rewarding them for discovering any vulnerabilities.

Response

Your website availability and continuity is at the core of what Wix does. Wix’s response plan is
designed to contain and minimize the impact of a potential cybersecurity incident, so your
business can stay up and running in any situation.

• IR (Incident Response): In case of emergency, Wix’s dedicated and highly trained IR team is
ready to take rapid response and establish a plan of action.

• BCP & DR (Business Continuation Plan & Direct Response): To ensure the security of
operations during disruptive events, Wix’s team has a BCP outlining steps for prevention and
smooth recovery.

• Periodic Training: Wix performs regular BCP simulations that prepare them for a quick and
smooth recovery in case of an unplanned event.

Wix Security in a Bullet Points

• Dedicated World Class Expert security team – 24/7
Security at Wix is fully managed so your only focus and concern is running your business. Wix’s
dedicated team of experts is responsible for monitoring and optimizing Wix infrastructure and
security solutions around the clock to prevent and detect any vulnerabilities and potential
attacks.

• Operate on a holistic security framework: Prevention, detection, response

• Compliant with the highest industry standard: Wix conducts regular audits and attains
the highest international security standard of certificates and compliance for its platform
and users regarding user privacy and data protection: SOC 2 Type 2 / PCI Level 1
Merchant & Service Provider/ GDPR & CCPA & LGPD / ISO 27001, ISO 27701, ISO
27018, ISO 27017

• Secure payments: Every Wix eCommerce site is compliant by default with the Payment
Card Industry Data Security Standards (PCI DSS). Wix eCommerce provides merchants
and buyers with secure checkouts and payment methods ensuring they are protected from
fraud and risk activities—allowing merchants to choose from 50+ secure payment
providers.

• Sensitive Data Encryption: Wix sites are served over HTTPS using TLS 1.3, meaning
your sites are SSL-certified and your sensitive data is secure.
• DDoS protection: Wix implements anti-DDoS solutions to prevent any impact and assure
your site remains available.

• BCP & DR (Business Continuation Plan & Direct Response): To ensure the security of
operations during disruptive events, Wix’s team has a BCP outlining steps for incident
prevention and smooth recovery.

• Incident Response: Wix’s response plan is designed to contain and minimize the impact
of a potential cybersecurity incident. In the rare case of a direct impact on your site, Wix
has a dedicated team that will handle everything for you.

• Site Data and Backup: Wix backs up your site with multiple copies and regions—so it can
be restored/recovered quickly.

FAQ

Do I need to do something to assure my site is protected?
Wix’s dedicated security team takes care of your website security 24/7. When building on Wix
your site immediately receives enterprise-grade security so you can rest assured everything is
being handled for you. To ensure your Wix account security from your first interaction with the
platform there are a few easy steps you can follow as well as security features that require
enabling.

How does Wix protect my user’s data? Wix has implemented security measures designed to protect the personal information you share with Wix including physical, electronic, and procedural measures. Wix has additionally
implemented encryption of Users and Users-of-Users personal information.
Wix also offers HTTPS secure access to most areas on their platform and the transmission of
sensitive payment information through designated purchase forms are protected by an
industry-standard SSL/TLS encrypted connection. Wix also maintains a PCI DSS (Payment Card
Industry Data Security Standards) certification.

Wix regularly monitors its systems for possible vulnerabilities and attacks and seeks new thirdparty
services to secure their platform and enhance visitors’ and users’ privacy.

Does Wix have a security certificate that confirms my data is protected?
Yes. Wix is Payment Card Industry Data Security Standards (PCI DSS) compliant and is
accredited as a level 1 service provider and merchant. The PCI DSS is an information security
standard for organizations or companies that accept credit card payments. This standard helps
to create a secure environment by increasing cardholder data, thus reducing credit card fraud.

Is Wix compliant with international regulations?
Wix.com is 100% committed to data protection. They work with a team of experts that can
ensure their products, services and documentation are up to standard and comply with the most
critical privacy regulations currently in force; the General Data Protection Regulation (GDPR) in
Europe, the California Consumer Privacy Act (CCPA) in the US and Lei Geral de Proteção de
Dados (LGPD) in Brazil.