Wix Dedicated Security Team
- Wix employs a team of security and privacy professionals who are experts in information, application and network security. The team maintain and constantly improve the company’s defense systems, develop security review processes, build security infrastructure, and implement the company security policies.
- Wix's dedicated security team also actively scan our platform and infrastructure for security threats, perform penetration tests, conduct quality assurance measures and software security reviews, and provide project-specific consulting services to Wix’s product and engineering teams.
- The security team, with the help of external experts, constantly monitor for suspicious activity in our network. They also address information security threats, and perform routine security assessments and audits.
Compliance and Certifications
As further detailed in our Security Whitepaper, Wix is a PCI Level 1 Merchant & Service Provider and is certified as ISO 27001 and ISO 27018 compliant. Copies of our certifications can be found here
Physical Access Controls
- Wix services are hosted on AWS and Google Cloud Platform cloud-based data centers, for which Equinix provides all physical colocation services. Our infrastructure providers maintain industry-standard security certifications, including: ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3 and PCI DSS Level 1.
- More info on our Cloud Service Providers' security can be found at the AWS security page and the Google Cloud security page.
- Wix’s offices worldwide are physically secured by personal identification access restriction and management.
Business Continuity, Incident Response and Disaster Recovery Plans
- Wix uses data centers and cloud service providers in separate geographic locations and different time zones to allow infrastructure and service availability, as well as continuity.
- Wix develops and maintains business continuity, incident response and disaster recovery plans, which are tested and updated periodically.
- Wix facilitates designated solutions for protection against and mitigation of DDoS attack effects.
- Wix keeps dedicated teams in multiple geographies to support the Wix platform, services and supporting infrastructure.
System Access Controls
- Wix maintains an access control policy that covers Wix’s internal network and systems processing personal data. This facilitates control processes, including access logging, monitoring and limitation.
- Wix’s records and systems distinguish customer records and information from non-customer information.
- Data insert, deletion, and modification are stamped and logged (date/time and relevant personnel).
Application Level Security, Monitoring and Risk Identification & Assessment
- Wix hashes Wix Users’ account credentials and passwords.
- Wix Users can choose to establish two-factor authentication in their Wix accounts for an additional layer of security.
- Wix Users can customize many of their website permissions (This varies, depending on the specific service and features used).
- All of Wix cloud and public interfaces are automatically scanned for vulnerabilities and misconfigurations on a regular basis. Wix regularly monitors, detects, and blocks incoming attacks on our platform.
- Penetration tests are performed on our platform by Wix’s security team and an external third party on a regular basis. Results are evaluated and remediated (if needed).
- Wix maintains a security bug bounty program, which gives independent security researchers a platform for testing and submitting vulnerability reports.
- Wix facilitates privacy controls in its code to ensure customers’ data privacy and to prevent one customer from accessing another customer’s data.
Control and Security Measures for Storage, Transmission and Transport of Personal Data
- All new sites created on Wix have HTTPS automatically enabled as part of the basic services provided by Wix.
- All critical interfaces and functions (i.e. user authentication, payment transactions (PCI data) and PII related processes are only accessible using at least TLS v1.2.
- Wix has a multiple layer security architecture to help protect against 0-day security issues.
- Firewalls and intrusion prevention systems are in place to prevent unauthorized access.
- Wix facilitates a SOC 24/7/365 monitoring program focused on information gathered from various sources (internal network traffic, employee actions on systems and on-going research about vulnerabilities). Analysis is performed using different tools for traffic capture and parsing.
Employee Awareness and Training
- Wix’s security team communicates with all employees on a regular basis, covering topics such as emerging threats, phishing awareness campaigns, and other industry-related security topics.
- All Wix employees:
- Undergo security training when joining the company and on an ongoing basis (as required), as well as additional role dependent training on specific aspects of security (as required).
- Agree to the company’s code of conduct, which highlights our commitment to keep customer information safe and secure.
- Sign a confidentiality statement at the time of hire.
Third Party Risk Management Program
Prior to engaging new third-party service providers or vendors who will have access to Wix data, platform or systems, Wix conducts a risk assessment of vendors’ data security practices as part of Wix’s Third Party Risk Management Program.
Law Enforcement Request Policy
- Wix respects the human rights of our customers and their end users.
- As such, Wix implements a Law Enforcement Request Policy, which is designed to ensure that all data requests received from law enforcement agencies, governmental or regulatory bodies (“Authorities”) are valid and made in accordance with the applicable legal procedures.