Our Secure Hosting

You’ll hear the term Secure Hosting banded around the hosting company websites but what does it actually mean. I’ll give you a run down of how we secure our hosting and explain some of the measures we put in place.

Enterprise-level website security built-in

Security breaches and exposure to malware are an ever-present threat in this day and age. We give you secure hosting with the tools to protect your digital assets for free.

Automatic malware scanning

Every day, we check every website on our shared WordPress and Linux hosting platforms for common viruses. Malware, including web shells or mail/spam daemons, can compromise your setup and provide hackers access to the information, emails, and material on your website. In our control panel, we provide you with a comprehensive report on the outcomes of this scan. This is comparable to services offered by some other web hosts, for which they charge more! If malware is found, we can notify you through email. The WordPress Checksum Report in our WordPress Tools offers users of WordPress another tool to scan their systems for malware. This verifies that your WordPress core corresponds to the WordPress repository on the WordPress website.

Free wildcard SSL encryption

SSL-TLS certificates are essential for secure data transmission and web browsing. Every website should have one now because of legal requirements and Google’s support of them. In order to make every website we host “https”, we collaborate with Let’s Encrypt.

We offer “wildcard” certificates for free SSLs. Therefore, you may use a single certificate to secure both your major domain and its subdomains. Use our nameservers on your website in order to receive a free “https” certificate. Like other SSL certificates, they offer the same level of protection.

Our data centres

Our data centres are accredited to ISO27001:2013. They have 24-hour on-site security, photo ID and swipe card admission, CCTV inside and out, gated access, secure perimeter fencing, redundant and uninterruptible power sources, and other security measures.

Prior to gaining access to any internal system, our personnel must authenticate themselves. We employ centralised identification and security procedures that adhere to a need-to-know access and least-privilege rule.

Isolated backups

All backups are stored offsite, away from the original data centres that contain the web servers.

PCI compliant UK hosting

Your hosting must be PCI compliant if your company accepts credit cards. The hosting provider must adhere to Payment Card Industry Data Security Standards in order to collect, store, and process debit/credit card information (PCI-DSS). The PCI Security Standards Council is in charge of requesting routine examinations of hosting providers. They check for weaknesses where thieves might be able to obtain cardholder data. Independent audits of us are consistently successful.

Anti-spam, anti-virus

Advanced antivirus and anti-spam protection are applied to all emails and forwarders sent and received.

We use 3 layers of inbound spam and virus scanning:

Mail from known spam networks is rejected using network-level commercial anti-spam deny lists from Spamhaus, Invaluement, and Barracuda Networks.

Any signatures for known malware are rejected.

When messages exhibit spam-like traits, they are flagged and placed in the “junk mail” folder.

Fully configurable email filters

The webmail control panel allows for the complete configuration of these filters. So, specific senders, domains, and TLDs can be added to allow lists to completely bypass the content screening. Deny lists are the same way; you can make your own using our control panel.

The message is returned to the sender whenever we reject a communication due to a known virus or network deny listing so the sender is aware of what’s going on. Email is never “black holed.”

Spammers not welcome

You don’t want miscreants to ruin your reputation (and ours) by sending out tonnes of “spam” emails if you use the email accounts that are included with our shared hosting.

Because of this, we keep an eye on emails that are sent out and have a zero-tolerance spam policy.

2FA – Safer than just a password

Unfortunately, once your password is stolen, many security measures become useless. The usage of two-factor authentication (2FA) is thus an option for our control panel.

2FA is a way to add an extra layer of security. Our 2FA uses TOTP apps, which provide you with a time-sensitive single-use code to enter as well your password. 2FA app providers include Google and Microsoft. The apps are run from your phone.

Another type of “2FA” that we require is random security checks when payments are made. You will need to phone us and confirm the additional security information you gave when first signing up in order to do this.

Enterprise-level denial of service protection

The risk of distributed denial of service (DDoS) attacks on the internet is increasing. By overwhelming the server with requests, they might seriously harm your business by blocking access to your website for ordinary website users.

You typically have no choice but to endure the attack and wait for it to end if your shared hosting or virtual private server (VPS) is attacked.

We added 1 Tbps+ anti-DDoS protection for this reason. With this high-level security, you are protected from the majority of threats. You won’t notice any interruptions because it just filters out harmful traffic. Do not let the hackers destroy your company.

Web Application Firewall

Preventing hackers from accessing your server-based code is one technique to stop security breaches. By preventing suspicious activities, our Web Application Firewall (WAF) safeguards your data and applications.

Malicious code is frequently inserted into web forms as a method of attack on websites. Since forms must permit information to transit from the user to the server hosting, they are not protected by conventional firewalls. They could serve as a point of entry for ransomware or data thieves.

Being a victim of this will cost your business time and money, even in the best-case situation. In the worst situation, a breach could cause your business to fail.

By checking each HTTP request for SQL injection, malware, cross-site scripting, path traversal, and other forms of attacks, the WAF aids in preventing this. This occurs at the edge of our network before any scripts from web applications like WordPress are executed. Less than a nanosecond pass.

The collection of criteria used to screen out harmful requests is updated frequently by the security team. This ruleset is made from commercially-available resources and custom rules written by our security team.

Network Protection

We also manage the network defences in addition to the firewall. These are based on reputation at the network level (automatic system) and IP address level. They are intended to stop potential attackers before an attack ever occurs.

Automatic routing diverts suspicious IP addresses and networks from ordinary web servers, distributing traffic and burden. Bad-reputation IP addresses are blocked at the network edge, and IP address ranges as a whole might also be blacklisted.

Brute-force Login Protection

Cybercriminals frequently employ brute force to try and guess the “admin” password for your website. These programmes cycle through popular passwords and use random letters and numbers along with trial and error to try to guess your login information.

Our platform has StackProtect, which keeps track of attempts to log into your website. It looks out for potentially malicious automated requests. It uses Google’s most recent reCAPTCHA technologies to identify them and, if necessary, disables the attempts.

This also prevents a slowdown of our platform. Every day, it denies up to six million requests. Our most popular target is logins to our Cloud WordPress hosting platform, however StackProtect protects all major website logins.