Squarespace Site Hacked!

Not only have I never heard of this, I can’t even find anyone who’s had their Squarespace site hacked.

Does Squarespace even get hacked? I couldn't find anyone.

Does Squarespace even get hacked? I couldn’t find anyone.

When I did a Google search, I did find lots of mention of “Squarespace site hacked” but it was more in sentences such as:

  • “I’ll never have to worry about my Squarespace getting hacked!”
  • “I had 3 WordPress sites hacked in 1 year, but haven’t yet had my Squarespace site hacked!”
  • “I was paying for my WordPress hosting and then I was paying for Sucuri to keep the site secure, while when I switched to Squarespace, I just paid a single $8 per month and didn’t have to pay anyone else to secure it.”

A client just called me because his WordPress site was hacked. As I usually do, I recommended that he contact Sucuri. They used to have a single site clean-up price of $89, but now, as far as I can tell, it’s only a subscription model for a year for $199. He asked me if there was a less expensive option and I didn’t really know of one. So I went searching.

oDesk brought me a few guys who looked experienced. But a few line of his experience and it seemed that it would cost $140 (at his $20/hour) to get a job done. Who knows, maybe that was more complex–maybe not. The next guy had experience, too, it seemed.

Further, I only found articles where it was mostly Squarespace versus WordPress comparisons and how if you were on Squarespace, you didn’t have to worry about getting hacked.

Advantage this round? Squarespace.


About the Author:

I've done the big corporate thing. I've done the creative writer thing. Now I'm happily in the middle. I like to help small businesses who are interested in "working their website before their website works them." I'm also interested in creating beautiful sites with powerful WordPress themes. Google+


  1. Writing Every Day Beyond 1,000 Posts September 30, 2015 at 6:47 pm - Reply

    […] Squarespace Site Hacked! (Sep 29) […]

  2. Aaron Garcia December 5, 2015 at 11:06 am - Reply

    I want to believe that a Squarespace site couldn’t get hacked. That’s why I switched from WordPress over to Squarespace. WordPress code, particularly the plugins are written sloppily. This leaves vulnerabilities open for hackers to get in and do some real damage. I figure Squarespace is written by pros who craft their code very well; making it more difficult to hack. It’s plausible that any website could be hacked, don’t want to repeat the Titanic here, but I think there are steps that can be taken to make it unlikely.

    Check out my post on using SSL and DNSEC: https://www.agarciatv.com/blog/2015/11/26/now-using-ssl-and-dnssec

    I’m hosting off Squarespace, which doesn’t offer SSL, but I found a way with CloudFlare.

    • Aaron Garcia January 29, 2018 at 5:23 pm - Reply

      I came back to my comment while updating SEO for my website. I’ve switched domains and move the above post here: https://aarongarcia.net/2015/11/26/now-using-ssl-and-dnssec/

      I would also like to add that Squarespace has been good to me, but I now use WordPress.com which has been equally good. I recommend either of those to avoid getting hacked. The difference between WordPress.org and WordPress.com is explained here: https://en.support.wordpress.com/com-vs-org/

      I highly recommend the WordPress.com version if you don’t want to mess with updates, backups, and malware.

      I also want to add that since 2015 many websites now offer a free SSL with Let’s Encrypt including Squarespace, WordPress, and Dreamhost. If you’d like to use the WordPress.org version with Dreamhost, please use my link so I can get credit: https://www.dreamhost.com/r.cgi?2243668

  3. rob August 30, 2016 at 10:36 am - Reply


    • Aton July 27, 2017 at 7:45 am - Reply

      bro seriously? not even character encoded?

  4. christine September 21, 2016 at 6:39 pm - Reply

    I’ve just got this note from Google of hacks. Your post came up in a search for what to do about it! Nothing at Squarespace help on this..

    Hacked content detected on http://www.idc-design.com/

    To: Webmaster of http://www.idc-design.com/,

    Google has detected that your site has been hacked by a third party who created malicious content on some of your pages. This critical issue utilizes your site’s reputation to show potential visitors unexpected or harmful content on your site or in search results. It also lowers the quality of results for Google Search users. Therefore, we have applied a manual action to your site that will warn users of hacked content when your site appears in search results. To remove this warning, clean up the hacked content, and file a reconsideration request. After we determine that your site no longer has hacked content, we will remove this manual action.

    Following are one or more example URLs where we found pages that have been compromised. Review them to gain a better sense of where this hacked content appears. The list is not exhaustive.


    • Bradley Charbonneau September 22, 2016 at 4:57 am - Reply

      So Squarespace CAN get hacked it seems! I’m very curious to hear what Squarespace will do about this, how the hackers got in and if it’s widespread. Was it as simple as a password that was too easy or did they get in through a more complex way.

      Sorry to hear it, Christine!

      In case it wasn’t clear, my post was poking some fun at WordPress because it gets hacked all of the time but I had never heard of Squarespace getting hacked. So I don’t actually have any solutions for you other than to contact Squarespace. If you don’t mind, please post back here with what happens next.

  5. christine September 22, 2016 at 1:01 pm - Reply

    Thanks Bradley,
    Squarespace replied and the response was helpful.
    Turns out the hacked pages were likely on the site before we moved the domain to Squarespace. The Help staff pointed me to Google resources for removing the pages so it can be reviewed and the hack warning removed.

    Whew! I’ve been massively hacked/malwared on my WP sites so this is good news!

  6. Tom Soly November 22, 2016 at 1:30 am - Reply

    Well, Squarespace just got hacked, all websites are down. Check their twitter account, @squarespacehelp…

  7. Ray December 20, 2016 at 10:24 pm - Reply

    OK to clear up what appears to be a big misconception.

    Why square space appears to be more secure is mainly due to two things. No1 the hosting environment is controlled. No2 The base website builder is (resonably) secure – BUT as soon as you install ANY 3rd party application or 3rd party template you can blow your site security and become infected just like a word press site with bad plugins. Then if you need to recover a backup of your site from one month ago – your gone. So YES your square space site can be hacked. But its less because square space control the hosting environment and limit you to very basic functionality. And the recovery is not the best (very crude) and I have had instances where it has failed. SS has a rather long disclaimer – you should read it.

    WordPress can have security issues generally because the WP framework assumes you are going to be using good secure hosting. And wordpress also assumes you are going to be using quality plugins. So if you buy quality hosting (which will be heaps faster than square space if youdo) most the above can be remedied just by installing a software firewall and using quality plugins. So often being hacked occurs because the administrator doesnt have the right experience – or they went cheap on hosting. Remember some of the most respected sites in the world trust wordpress (gvts as well) and they are rarely hacked. Its because they follow good protocol.

    The advantages of wordpress are many. revision control, central management of anything – superior structure for seo (i dont care what anyone says, google LOVES the structure of wordpress sites) incredibly diverse menu structures allowing for infinite depth levels, multiple page undo – redo and compare – drag drop builders that allow page-section copy and paste. If you know wordpress quite often you can develop much faster with a better result – because you wont be able to do what you want with squarespace and often you will end up with a workaround. Also the square space interface can become bogged down, slow and if your browser crashes you often loose your changes. Had it happen many times and its frustrating as hell.

    So in summary Yes your square space site can be hacked – but less likely due to the servers being managed by knowledgeable staff. Use 3rd party apps and you increase your hacking risk. Note if your site is hacked square space will take it down immediately – no matter what the consequence to your company (because you could affect other sites on the server). There are very good reasons why Word press is used more by businesses more than any other website platform in the world (actually it dominates by a large amount!). But you need a webdesign/dev knowledge initially to leverage the benefits.

    If you are DIY without any website/host knowledge and dont want to hire a developer initially then Square Space could work for you But for a serious business making dollars who needs a strong web presence then WP is still the no1 choice.

  8. silent December 6, 2017 at 5:27 am - Reply

    Those who think squarespace and others cant be hacked are WRONG! there are vulnerabilities that you hear about – but they are not the concerning ones. Its the vulnerabilities you DON’T hear about – the ones not publicized. The only difference between open source and frameworks like square space (Who steal ideas/code from the open source community anyway) is the fact you just need to use supported plugins – ie pay reputable coders. Update and keep backups. Its not that hard. I have developed over 100 wordpress site and only ONE infection due to an outsource Indian development team. This is over 8 years! Open source is the best by far – use a closed framework like wix/squarespace and you loose many basic advantages (ie ownership, functionalit – so many its hard to list them all)

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Pin It on Pinterest

Share This