Search the Community

Site URL: https://theyvonne.com Hi Everyone, Thank you so much for any assistance you can provide. I believe I have a bot visiting my site. The IP is always from Ashburn Virginia and an IP lookup indicates the IP is an AWS site. One IP did indicate it was from a site in China. It use to be just once a month. Now. it 3 times a month and because I have low traffic these visits indicate my peak volume. I can get up to 40+ at a time. It is not a big deal but I want to start promoting, some of my work, and these visits will mess. up the analytics. Question: How do I block or remove them from my counts. Every instance is a different IP address but typically each instance is the same for 20-40. views. I am seeing that the view/visit number is getting higher each month. The view always starts on my privacy policy page. ps... I accidentally posted before finishing writing and then did an edit that got interrupted by a phone call. If this caused any issue please forgive me. All my best and many thanks Yvonne

Site URL: https://www.havenconnect.com currently squarespace does not allow adding HSTS directives like `includeSubDomains` or `preload`, and they don't allow modifying the `max-age` directive to a year or more. based on my understanding of HSTS, this prevents domains using squarespace from being eligible for preloading. more info here: https://scotthelme.co.uk/hsts-preloading/ i'm not a security expert so my first question is this: am i correct in understanding squarespace's HSTS implementation does not force all users to HTTPS? second question: if my understanding is correct, does squarespace plan to address this security flaw/vulnerability? and if so, when? thanks!

Did you ever figure this out? I'm facing a similar problem. My client's insurance company are asking for this or they will deny coverage on their site.

Site URL: https://www.cesardumayhouard.com/ Good evening, I've just launched my website, and since it is my portfolio I want to protect my images. And surprisingly any person can right click on any of my pictures and download them. So I want to know if it is possible to disable that for my website ? I also noticed that, (even for some other website), you could just right click and then select "inspect element", which then shows you the HTLM and CSS code of that page, and you can clearly see the specific private address of the pictures an videos, and download them that way. But I know that you can hide that data, and prevent a download, which something I've noted on some other website. So If you can help me insure some picture security I will be grateful, thank you.

Site URL: https://gohsh.com Hi! Can someone help? We're getting ready for our launch and feedback has been that people are unable to access our site. They're getting malware or cautioned about security. Squarespace told me it could be an SSL certificate issue. People are able to open our site via gohsh.squarespace.com but if it's through our direct domain, they're warned or blocked. It's happening mostly happening on optimum online customers, people using their work computers and also overseas globally. Does this mean I have to just move over to Shopify?? 😞

Site URL: https://securityheaders.com/ Hi, Square Space Support has directed me to the forum. Just wondering if anyone has been successful in adding in security headers to a square space site. If you scan with the above url you will see the missing headers. Support recommended injecting html but that is a client side solution to a server side requirement. After looking into this one in more detail it looks like none of those techniques will work as they are client-side rather than server-side. Chrome, for example, will ignore x-frame-options when it's in a meta tag and so we would expect that a bad actor or script would do the same thing. Here is a summary of the problem with fixes: https://security.stackexchange.com/questions/167081/how-to-add-x-frame-options-header-to-a-simple-html-file It seems the only way to set these headers as to affect security is to apply at the server level. On apache/wordpress we just use the functions file to hook in before page load and set the headers. Does squarespace have a way to do something similar? is there anything that you recommend we try aside form the client side links provided? Happy to help troubleshoot or explain in more detail.

I have a question regarding broken images. While on my workplace's network, my squarespace site (along with other sites built with squarespace) won't load images properly (shows broken image icons). I believe this is due to some firewall or security feature of the network. This occurs on few other sites, but happens pretty much globally on any squarespace sites (including squarespace.com). Although it is clearly due to the network, I'm a little concerned that other networks that users may be on will also not load images properly if these networks contain some security feature. With that said, is there any way to format images or add something to the CSS code to maximize the changes of images loading properly even on security-heavy networks?

I'd really like to allow interns at my company to draft blog posts on the site. However, I don't want them to have access to editing the rest of the website. Is this possible yet on Squarespace?

Hello - We are trying to come up with a way to have a hidden page that only tenant of our building have access to. We would like them to enter their email address and if it matches one in a database that we provide - it will give them access. We don’t really want to require a password. Is this something that is possible? It is not possible with SquareSpace members only area

Hello - We are trying to come up with a way to have a hidden page that only tenant of our building have access to. We would like them to enter their email address and if it matches one in a database that we provide - it will give them access. We don’t really want to require a password. Is this something that is possible? It is not possible with SquareSpace members only area

Some images on a website that has an SSL certificate are still displaying as http instead of https, thus causing those webpages to display as 'not secure' by Google. Is there an easy way to switch over all images on a site like this so that they are https instead?

Site URL: https://www.fashionrebellion.co.uk/ Hi everyone! I have a question. I've been working on a site for a business that sells subscriptions to work shops in schools. The problem we have is the kids can take a log in and password and then go home and log in - which we really can't have them able to do. Is it possible to get a plugin or something that enables them to only log in from a location or Ip address? Help please!!

Site URL: http://www.cellerantconsulting.com Hello, I am getting at the top of our website URL - "Not secure - cellerantconsulting.com". How do I fix that? Thank you, Stephanie

Site URL: https://probackup.io/ Hi Squarespace community, My company probackup.io has built a safe & easy-to-use backup app for popular cloud apps such as Asana, Airtable and Monday.com. It offers daily, automated backups, advanced restore capabilities and a daily sync to Google Sheets. We have had some customers request to roll-out our backup solution for Squarespace as well. Before proceeding on integrating with Squarespace, we are looking to get as much validation as to whether any use cases pertaining to backup, restore or undo functionality are commonly requested by customers, to help inform our business case and prioritize our roadmap. For sure Squarespace does its own backups for redundancy, and offers basic export capabilities, but here are the use cases we have identified from our own customers where we are thinking to add value beyond what the platform already does: - Extra level of disaster recovery - Advanced rollback & restoration capabilities - Continuous access to business-critical data during service outages Curious to hear what the community thinks of a potential dedicated backup for Squarespace? Your feedback would be greatly appreciated.

Site URL: http://squarespace.com I need to know if Squarespace is ISO27001 certified?

Site URL: http://coryzankerphotography.com All of my images appear broken when editing in the configuration view. As soon as I noticed this error, I also noticed a privacy error when attempting to load my web page on both Chrome and Safari (attached). Both issues only occurs on one device (2016 Macbook). Images are not broken, nor do I receive the security warning on my phone or other computer. Any input or suggestions would be greatly appreciated!

Site URL: https://www.simonmetzwoodworking.com I have an issue where a scam site from China has a page that appears to link to my site but in actuality links to their home page. I need to block this as it is some kind of scan financial services site and don't want to get dinged by Google. Normally I would block spiders in robots.txt file but that's not available in SS. Anyone have any ideas on how to block spiders. I used to bloc Baidu when I coded my own site as their bot spent hours indexing my site from what my logs told me. The URL I'm trying to block is https://m.pushade.com/by/simonmetzwoodworking/ Thanks!

In February, I asked about the ability to add security headers to a Squarespace site (e.g. XSS protection). I was told this was not currently supported and would need to be requested as a new feature. Support chat = https://support.squarespace.com/hc/en-us/requests/new?ticket_form_id=360000388052 Subsequently, I've seen a reference to the ability to add headers in Settings | Advanced | Header (linked below). Please could you confirm whether this function will support the use of security headers on the infrastructure managed by Squarespace. Many thanks

Hey whats going on ya'll I'm running a content site dedicated to fitness and nutrition science I sell a product by monthly suscription - Essentially I release 5 new workouts every month to suscribers for different purposes. While squarespace does let you sell digital products with a secure link, you can't do it with suscriptions What would be the best way for me to go about doing this in a way that keeps my digital product secure? Thank you

Hi all, I have an acquaintance who's wondering if there are any site builders or publishing platforms that don't use cookies on the user-facing end of the site. She doesn't need user membership features, so that shouldn't be a problem. Is there any way to build a Squarespace Site that doesn't need cookies? And is there any way to do it while still getting some basic analytics? Any help would be much appreciated.

I have already raised this issue with Squarespace Customer Care (Support Request #4378187) over 24 hours ago but no response whatsoever as yet. "Live Chat" seems to be permanently closed? Google no great help to this stage. I thought/hoped perhaps somebody here may have had a similar experience? We have been advised by a coporate client that visiting our well established Squarespace site is triggering a Firewall Alert/block. Context of the specific Alert is below. The firewall alert is being detected by Fortigate (https://www.fortinet.com/products/next-generation-firewall.html) IP 198.185.159.144 is Squarespace. Whilst this may well be a false positive, the alert of virus="FormBook" is a serious concern: https://www.symantec.com/security-center/writeup/2019-020107-5257-99 https://fortiguard.com/encyclopedia/botnet/7630314 <----------------ALERT---------------> Message meets Alert condition File Block Detected: Protocol: Email Address From: Email Address To: date=2019-08-28 time=11:34:13 devname=FG201ETK18900821 devid=FG201ETK18900821 logid="0202009249" type="utm" subtype="virus" eventtype="botnet" level="notice" vd="root" eventtime=1566956052 msg="Botnet C&C Communication." action="monitored" sessionid=762300281 srcip=192.168.250.131 dstip=198.185.159.144 srcport=57804 dstport=80 srcintf="port4" srcintfrole="dmz" dstintf="wan1" dstintfrole="wan" proto=6 direction="outgoing" virus="FormBook" dtype="ip-reputation" ref="http://www.fortinet.com/be?bid=7630314" virusid=7630314 crscore=50 crlevel="critical"

Hi I would like to stop access to a squarespace site (or a subset of pages) until the viewer has accepted a disclaimer: Can anyone advise on the best way to do this in squarespace? Thoughts: Use marketing pop-up? Inject javascript or html/css? thanks in advance J

Does anyone know how to block our URL in specific countries? Specifically, all of Asia and all of the Middle East. We're going through GoDaddy, but they can only block individual IP addresses, not entire countries. We run a charity in Asia and can't have our website being accessed there. Is anyone able to help, or know of someone we could hire, please? Thanks!

Site URL: https://www.merze-lifestyle.com I would like to block an IP address from entering into my website but I am on Squarespace 7. Is there custom code that needs to be created? Or do I need a third party application to achieve this? I am not a coder and so I would need to have help if custom coding is required. Thank you, Mary

Hi, If I want to obtain health information of a client, can I make sure that it's secure through squarespace? I saw this article: https://support.squarespace.com/hc/en-us/articles/360028867231-Squarespace-and-HIPAA but I can't tell if this is only for the scheduling tool; and even if I do subscribe to Scheduling, is signing a BAA sufficient? Thanks in advance