How Secure are Free Websites?

Protecting Your Relationship with Weebly

Here’s a section from the Privacy Policy that describes their approach to security. Note that their SSL encryption only protects you in your relationship with Weebly.

Confidentiality and Security

No data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission, we make efforts to ensure security on our systems.

  • We use physical, electronic, and procedural safeguards to protect personal information about you.
  • Your account information is password-protected. Additionally, your account’s password is stored using a salted, variable work factor, one-way hash algorithm.
  • In certain areas, Weebly uses industry-standard SSL-encryption to protect data transmissions. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software.

Protect Your Customers’ Information

If you collect credit-card information, you want very strong security protections. The easiest way to secure your shopping cart is to contract with platforms like  Network Solutions, Amazon Webstore, Google Checkout, Shopify, and so on, with the security options already built in. Weebly’s shopping cart uses PayPal, which has  strong security options, to manage all financial transactions.

You can set up a simple store (a few items with fixed prices) using PayPal directly. See Meals on Wheels of Staten Island’s donation page for examples of PayPal buttons.

If you collect personal information (medical records, for example), consider buying SSL encryption. Network Solutions offers a variety of options. See for their information.

Other large hosting companies offer SSL certificates as well. If your host doesn’t, you might want to change hosts.

Protect Yourself against Spam

If you want to prevent spammers from sending garbage forms, use a CAPTCHA. See Meals on Wheels of Staten Island’s volunteer application page for an example.

How do MailChimp and Weebly make money?

This was a question at the last Website 101 workshop: How do free services like Weebly and MailChimp make money?

Here’s an article about MailChimp:

With freemium, MailChimp thrives where many others fail

It turns out that MailChimp was a paid service first, and figured out how to make money from their program, and only then created a free version. The free version promotes the paid version.

The article mentions a rule of thumb: For every 10 free users, you get one paid user. MailChimp had 450,000 users in 2010, so about 45,000 should be paid users. Rates run from $10 to $240 a month, depending on the number of subscribers.

Here’s an article about Weebly, and how it makes money.

Weebly, a simple web page creator, launches AdSense feature and pro accounts

In this model, the Weebly developers make money from their “Pro” users and by making it easy to add Google AdSense advertising widgets.

Don’t Panic! We’ll Figure it Out

The Relational Aggression home page

The Relational Aggression home page

This is an example of our work with a client who easily takes care of her website day to day, but because of bad choices made by her original webmaster, lost control of her website for a few days.

Laura, who developed and offers the anti-bullying S.A.R.A. workshops in the New York area, had spent hundreds of dollars getting a blog customized and linked to a pre-existing site. (Note that is the free blog, like the one we use for Websites 101, and is a whole platform that you download and customize. It’s not free, and it’s more powerful but also much more complicated to set up.)

However, the designer and webmaster, a moonlighting IT employee at an organization where Laura worked, didn’t have time to support the different components — WordPress plus outsourced template plus pre-existing site — and walked away from the project.

This became a serious problem when the hosting service, which provided no way to contact them, turned off the site without warning. And then turned it back on, then turned it off, then back on….

Laura hired us to solve the problem. We suggested she move the site and domain name to Network Solutions, a far more professional host, and moving the site went smoothly thanks to Network Solutions’ MyTime Support. (The underlying file system was a mess, but the MyTime Support folks figured it out and didn’t bother her with the details, hurrah.)

We also straightened out some problems with the template and showed her how to set up Akismet to eliminate thousands of spam responses to her postings.

How to Move a Domain and a Website

To move a domain name, you need to ask your current registrar to unlock the name (usually) and for an authorization code. Luckily, we were able to contact the domain registrar and because the “” was in Laura’s name, they unlocked the name and handed over the code without a problem. (Responsible registrars lock domain names to protect you from unauthorized transfers. Otherwise, unscrupulous third-parties can move your domain to a different registrar without your consent and, basically, hold it for ransom. See Domain Name Tip: Lock Them or Lose Them.)

However, even if the domain name isn’t in your name — for example, the webmaster set it up under his own name, which we’ve seen happen — you can work with the new domain registrar to prove ownership. They have a form you can fill out and fax to them.

As for switching hosts when you can’t reach your current one, once you sign up with the new host and move the domain name, the old relationship is over. Just be sure they don’t automatically renew your site using your credit card.

Note: If the old company does charge you again, you can get help from your credit card company. First try contacting the hosting company to cancel and if that doesn’t work, tell the credit card company that the charge is unapproved; send them your documentation. They often succeed where we everyday consumers can’t.