Website Security
When you entrust your brand website to a platform for management, security is more than just a set of login credentials. Kanorio provides foundational protection across website connections, public-facing sites, accounts, and payment processes. Simultaneously, you still need to secure your email or Google accounts, manage team permissions, and carefully select third-party services.
No service can guarantee zero risk, but understanding "what the platform handles" and "what you can do" significantly reduces the impact of common issues.
What Will This Section Help You Achieve?
- Understand HTTPS for public websites, basic edge protection, and browser security.
- Secure the email or Google account used to log into Kanorio, and your two-factor authentication backup codes.
- Learn how visitor privacy, cookies, third-party tracking, and payment data are handled.
- Determine if suspicious login emails, Google warnings, or payment notifications require immediate action.
- Know what steps to take first during a security incident and how to safely contact support.
First, Confirm What You Want to Do Now
| What You Want to Understand | |---|---| | What are the padlock icon, HTTPS, DDoS, or WAF? | How Your Website is Protected | | How Kanorio handles visitor data, cookies, and third-party tracking | Visitor Privacy and Data Handling | | How to prevent unauthorized account access | Account Security Guide | | Are card numbers, store payouts, and refund processes secure? | Payment Security | | Receiving suspicious login emails, Google warnings, or discovering security issues | What to Do in Case of a Security Incident |
How This Differs from Other Sections
This section explains the principles, protective measures, and handling procedures for platform and account security. It does not replace tutorials for website editing, domain settings, or payment processes. If you know the issue lies within a specific function, prioritize visiting that relevant section.
"Frequently Asked Questions & Contact" provides general troubleshooting, customer support, and content reporting access. This section focuses on unauthorized access, suspicious messages, visitor privacy, payment security, and public website protection. In the event of a suspected security incident, please read What to Do in Case of a Security Incident first.
A Few Reminders Before You Start
- Kanorio will never ask for your full card number, CVC, one-time verification code, login links, or two-factor authentication backup codes via customer support chat, email, or messages.
- Prioritize securing the email or Google account you use to log into Kanorio. If that account is compromised, your platform settings could also be affected.
- After enabling two-factor authentication, store your backup codes in a secure location separate from your phone.
- Only connect trusted third-party services and regularly review external links and public content on your website.
Protections Kanorio Handles Automatically
- Encrypted Website Connections: Published websites use HTTPS, making data transmitted between visitors and your site difficult for third parties to intercept or alter.
- Basic Edge Protection: Public websites are served through Cloudflare's global network, including CDN, DDoS protection, and basic WAF.
- Public Website Protection Rules: The system applies browser security rules to public websites, reducing risks of malicious embedding, loading insecure resources, or misinterpretation.
- Account Login Protection: Kanorio uses Google Sign-In or email verification codes, eliminating the need for a separate Kanorio password. You can also enable two-factor authentication (2FA) yourself.
- Payment Data Isolation: Subscription payments and store checkouts are handled by the payment provider's process. Kanorio does not store full credit card numbers.
Four Things You Should Still Do
- Enable two-factor authentication (2FA) from Account Settings in the dashboard and store your backup codes securely.
- Protect the email or Google account you use for login. Do not share verification codes, login links, or backup codes with anyone.
- Regularly review team members in the Dashboard Overview and remove individuals who no longer need website management access.
- Connect only trusted third-party services and check external links and embedded content before adding them to your website.
Frequently Asked Questions
Yes. All published Kanorio websites utilize the platform's basic edge protection. Feature benefits may vary by plan; please refer to the plan page for details.
The SOC 2 Type II, ISO 27001, and other certifications mentioned in this guide refer to the public certifications of infrastructure service providers like Cloudflare, not Kanorio itself. For details, please read Visitor Privacy and Data Handling.
No. Kanorio automatically handles HTTPS and basic edge protection for published websites. If you are using a custom domain, you will still need to complete DNS settings as instructed; please read DNS Settings and FAQs.
The platform can mitigate many technical risks, but it cannot replace your responsibility in protecting login accounts, discerning suspicious messages, or deciding if a third-party service is trustworthy. A comprehensive approach involves managing both platform protections and your account security.