June 28, 2021

How HubSpot Supports Your Website Security

You need to be able to prevent someone or something from getting access to your website and being able to alter the content you have live, take the site down completely or access the information transmitted through it — which is why website security is vital for every company.

Website Security Benefits of HubSpot

Because HubSpot is a managed app, their engineering team is responsible for maintaining majority of the security measures for the CMS. Security updates happen in the background, and your IT team doesn’t need to worry about it. (A changelog does exist if you want to monitor them though). If something does go wrong or you have a question about a security measure, you have access to HubSpot’s support team.

Whereas if you’re using a self-hosted website, you’re responsible for the quality of the website security. While there are managed hosting providers for other CMSs like WordPress that can take some of the security responsibilities off your plate, if you’re leveraging a bunch of plug-ins on your website, you’re leaving yourself vulnerable to potential security holes through them. 

Because HubSpot is an extensible platform, security issues due to third-party plug-ins are less of a concern because everything you need to manage your website and marketing strategy is native.

From planning to launch day, learn how to make your next redesign project a  success with our Website Redesign Guide.

How HubSpot Supports Your Website Security

Penetration testing

HubSpot hires outside firms to conduct penetration testing on their CMS and other products multiple times a year to ensure its security system holds up. You’re not responsible for paying for that testing yourself — though you are still able to do your own penetration testing if you feel the need.


SSL comes with every HubSpot CMS site by default. Not only do they help you get that initial certification for free, but they also will automatically renew it 30 days before the expiration date. HubSpot’s SSL is offered through Cloudflare, which can support up to TLS 1.2.

Prevent DDOS

Hacking isn’t the only way a website can be compromised, but HubSpot has security measures addressing other potential threats too. For example, HubSpot has features that protect your website from crashing due to DDOS attacks.

Customizable security settings

HubSpot has a number of security settings that you can adjust based on your business needs including:

  • Choose to require HTTPS protocol or not
  • Select which versions of TLS you support
  • Enable X-frame options to prevent your content from being embedded on other domains (Enterprise only)
  • Add extra security for users of older browsers with X-XSS-protection (Enterprise only)
  • Control how much information is included with referrer requests (Enterprise only)
  • Identify which browser features can be used on a page (Enterprise only)

From planning to launch day, learn how to make your next redesign project a  success with our Website Redesign Guide.

Two-factor authentication

To reduce the risk of someone gaining access to your website by obtaining your employee’s login and password, HubSpot allows you to set up two-factor authentication. 

This will require a second verification outside the username and password to ensure that the person accessing your HubSpot portal is actually the owner of the account they’re logging in through. For example, when someone logs in on their computer, they’ll also need to enter a code that was texted to their mobile number.


If something does go wrong and your website is compromised, HubSpot has a backup system in place to prevent your original content from being lost forever. There’s revision history available for all page content and code, so if someone gains access to your site and deletes or changes things, you can revert to the previous versions.

The Takeaway

Security is a priority for HubSpot because if there are issues, it’ll impact all sites on the CMS — including their own. 

While it’s not possible for any form of website security to be perfect, HubSpot has a great track record of protecting their systems, their customers, and the data contained within their platform. There are even cybersecurity companies who trust the platform with their businesses.

Because you know HubSpot has you covered when it comes to website security, you can take that responsibility off your plate and spend more time and resources actually running your marketing.

New call-to-action

Christopher Mathieu

Christopher Mathieu is the Chief Services Officer at New Breed, an Elite HubSpot Partner based in Burlington, VT, which helps customers implement the right technology and strategies to unlock meaningful growth. With a background in design, technology, and demand generation, his over two decades of experience allow...


Ready to jumpstart your acquisition, retention and expansion efforts?

Request Assessment