Essential Tips to Make Your Squarespace Site Secure

SSL provides your website with a reliable connection, improving SEO rankings while protecting forms from insecure submissions.

All custom domains and subdomains associated with a Squarespace site are automatically secured with free SSL certificates to enhance security. If you encounter “not secure” warnings on your site, enabling SSL is easy and should be one of your top priorities for making it safer.

1. Enable SSL

HTTPS, or HyperText Transfer Protocol Secure, has become standard across websites that collect user data or accept credit card payments, including contact forms or checkout pages. Enabling SSL helps build trust among your audience as it notifies Google of your site safety status – something which may boost SEO rankings as a result.

To enable SSL on Squarespace, visit the Settings tab and then Security & SSL. Choose Enable SSL before inputting your certificate’s primary domain into the field; for multi-domain certificates you can add multiple domains by entering them one at a time using commas in the Domains field. In addition, make sure your site URL changes from HTTP to HTTPS before updating any external links that point back to its old address.

If you recently launched or migrated your existing site to HTTPS, the SSL certificate could take up to 72 hours for activation. If after that period your certificate status still shows as “processing”, please reach out for assistance from Squarespace Support.

Once SSL has been enabled, disabling it would adversely impact visitor experience and signal to Google that your site isn’t trustworthy. However, you can switch to Insecure mode if you would like your visitors to continue accessing HTTP version of your site.

2. Enable HSTS

All Squarespace sites come equipped with SSL certificates that secure both the information on your website and that of its visitors. When asking users to create accounts or enter personal details like email addresses or phone numbers or even confidential data such as financial or health benefits information, SSL certificates provide peace of mind while creating trust that their information will remain safe on your site.

HSTS must be enabled if your Squarespace website includes third-party domains or custom subdomains with www versions, and/or you use HTTPS-only subdomains or www versions for any of your pages. This enables the browser to set a preference that always prefers HTTPS over other forms of transmission.

By doing this, any content linked from your website, such as social media posts and PR pieces, will use SSL rather than HTTP for its secure connections.

To do so, navigate to your site settings and ensure the ‘Secure’ option is enabled. Doing this is one of the key ways you can bolster the security of your website and boost its rank higher on Google Search; additionally it will help avoid that pesky “not secure” padlock icon which discourages people from visiting certain websites and can help build stronger relationships between you and your target audience and ultimately grow your business! For more information regarding SSL/HSTS please check out Squarespace’s full blog post about it all here!

3. Renew Your SSL Certificate

SSL certificates not only help to prevent data theft, but they can also speed up websites by creating one connection between the website and browser, instead of multiple connections when loading over HTTP. This allows your site to load faster while making it more enjoyable for visitors to navigate.

SSL certificates are essential for sites that collect personal information from visitors, such as contact forms or checkout pages. They’re also an effective way to boost SEO rankings as Google has confirmed that websites with SSL will perform better in search results than those without.

To renew an SSL certificate on Squarespace, log into the admin and click Settings at the top of page. From here, scroll down to Advanced and SSL; here, validate that you own the domain for which an SSL certificate will be purchased by entering a code or uploading a file to validate ownership; after doing so update webmaster tools accounts like Google Search Console with new HTTPS version of website as well as submit sitemap resubmission form resubmitting sitemap submission form again.

If you’re having difficulty with installing or configuring an SSL certificate on your site, or experiencing issues related to SSL usage, try our guide for troubleshooting SSL-related errors. In it you can learn why SSL matters as well as its effectiveness time frame, plus how to customize settings based on your needs.

4. Disable Embedded Third-Party Content

If your browser displays a warning about “Not Secure” content on your Squarespace site, this indicates that some content may not be loading over an SSL-secure connection for whatever reason. This could occur due to any number of factors including browser issues and bandwidth limits on servers hosting Squarespace sites.

One potential solution could be that you’re using a third-party app that doesn’t support SSL; if unsure, contact them directly and ask. When collecting sensitive data like passwords and credit card details through forms, it is vital that they are encrypted using an SSL certificate and transmitted securely.

Another possible cause may be hosting your website on an SSL-disabled server. If this is the case for your Squarespace site, it’s essential that this be resolved as quickly as possible and all pages use SSL – including those without forms submissions – using it is an absolute must!

If you are using code blocks on your site to display HTML, CSS or JavaScript snippets, be sure to switch on Display Source when creating them – this ensures Squarespace correctly interprets and displays it on your website. Without this setting enabled, Squarespace may misread your code and display a blank space instead, potentially leading to problems with both layout and functionality of your website.

5. Enable Two-Factor Authentication

To increase security on your account, we highly suggest setting up two-factor authentication. This requires receiving a code via an authenticator app on your phone before logging in – providing another layer of protection in case someone guesses your password and attempts to gain entry to your website/content. To enable two-factor authentication head to Account & Security settings in your dashboard and click “Add 2FA”.

Squarespace makes it simple and straightforward for you to secure your site, but additional steps should be taken for optimal protection. First, choose a strong password with both uppercase letters, lowercase letters, numbers and special characters – this will prevent unauthorized access. Furthermore, keep up-to-date with any security updates from Squarespace that might come out.

Finally, it is advisable to ensure your SSL certificate doesn’t expire. Otherwise, web browsers could mark your site as “not secure”, harming both user trust and SEO efforts. To prevent this, purchase and install an SSL certificate from an outside provider on Squarespace website – additionally HTTP Strict Transport Security (HSTS) could force browsers to always use HTTPS even when accessing non-secure content on site.