Security Features

Wildcard SSL certificates

If your website has any way in which to pass over information – even a contact form – then it should use an SSL certificate. Sites covered by an SSL have the ‘https://’ URL. HTTPS protects the user by encrypting the information that goes from their device to the website servers.

Having an SSL certificate has other advantages, too. It’s used by Google as a signal of the site’s ‘quality’. So by having one, you’ll have an advantage in the search results over websites that don’t.

Our SSL certificates are ‘wildcard’, meaning that they cover subdomains too: like blog.yoursite.com, for example.

Our data centres

Our data centres are fully secure and are ISO27001:2013 certified. Their security features include:

• Redundant power supplies so that your site stays online
• Gated access with photo ID and swipe card entry
• 24/7 security, with CCTV inside and out

PCI compliance: safe for business

Our servers are Payment Card Industry (PCI) Compliant. This means that our hosting servers are certified to be safe for online stores taking card payments, and the undergo regular audits.

PCI standards are enforced through a group of major credit and debit card companies, like Visa, MasterCard, and American Express.

Malware scanning

Having malware on your site can be disastrous. It can compromise your security, leading to fraud or identity theft. It can harm your reputation and performance in the search engines.

Your website will be checked for malware daily, with our Malware Scanning service. If any malware is found, we’ll let you know and give you advice on how to remove it. You can also scan on demand, so once you’ve made changes, you can check that it’s been resolved.

WordPress checksum report

As WordPress is so popular, it’s a popular target for criminal hackers. So we offer a WordPress checksum test. This checks the version of core WordPress stored in their repository against the one installed on our servers. We’ll notify you if there are differences between the official core version and yours, which could suggest that malware has been added.

File permissions checker

Are you sure that you have the correct permissions on your website files? If you don’t have the right permissions, someone might be able to access or change your data. Our file permissions checker will monitor your permissions and make suggestions on what to change if it spots any potential problems.

DDoS protection

Distributed denial of service (DDoS) attacks are usually what has happened when it’s reported that a website has been ‘taken down by hackers’. It involves flooding a server with fake requests, as if millions of new people are visiting the site. This will prevent genuine users from accessing the site.

Our DDoS protection will filter-out DDoS attacks. It can handle attacks of over 1 terabit per second, so even the largest attacks will be mitigated.

Email security

Emails can be a security risk, so we scan incoming emails for viruses and similar malware, blocking them before they reach your inbox.

Spam is controlled by being filtered through anti-spam deny lists and content checkers. You’re given full control to allow certain emails from domains that might otherwise go straight in to your junk mail.

Emails also have another layer of security through DKIM authentication, protecting you and those you send emails to against impersonation. Our servers have a great reputation, so your mail will never have problems being delivered.

Web application firewall: secure your apps

Criminals might try to look for vulnerabilities in your applications: like your database, for example. Our web application firewall will help protect you by scanning for attempts to hack your site. It will look for attacks involving trojans, cross-site scripting, SQL injection, path traversal and other ways to gain access to your files. We use both commercial tools and bespoke rules written by ourselves.

Protecting your passwords

One of the most common ways for websites to be compromised is through cybercriminals knowing your password. To help protect you, you have the opportunity to set up two-factor authentication on your hosting control panel, so you get an extra level of security on login. It involves using a code on your mobile device.

We also allow you to password-protect certain areas of your website. Our strong password generator will help you create difficult-to-guess passwords and you can lock FTP behind a password.

Brute-force login protection

Another avenue of attack is by ‘brute force’: using software to try multiple variants of common and short passwords in an attempt to guess the correct one. We have systems in place that will detect automated attempts at brute forcing passwords through trial and error, and use Google reCAPTCHA to detect genuine users.

Block visitors

If you wish to block certain visitors from your website, you can. You can prevent whole countries getting to your website, or block by individual IP addresses. You can use simple rules like ‘allow all, except’ or ‘block all, except’.

Backups

If there’s ever a security issue with your website, it’s wise to have a recent backup to fall back on. You can make manual backups or use our automatic backup service.