Security
Every WP Pro Host plan includes a full enterprise security stack — built in as standard, not sold as add-ons. Here is exactly what protects your site.
Layer 1 — CDN Level
Attacks are intercepted at the network edge — before they reach your server. Enterprise DDoS mitigation, global WAF rules, and bot filtering run at the CDN layer across 30+ points of presence worldwide.
Layer 2 — Server Level
Anything that passes the CDN is intercepted at the server. A dedicated security layer runs real-time malware scanning, IP reputation blocking, brute force protection, and automated WordPress hardening — with no performance impact on your sites.
Most hosts have one layer. WP Pro Host has two.
Included on every plan — Launch through Elite.
Volumetric and application-layer attacks absorbed at CDN level before reaching your server. Server-level connection rate limiting provides a second line of defence.
Active WAF at both CDN and server level blocks SQL injection, XSS, malicious file uploads, and known exploit patterns. Rules updated continuously.
Continuous server-wide scanning detects infections the moment they occur. Automatic remediation included — no emergency fees, no waiting for a support ticket.
Security configuration is enforced automatically across every site on the server: correct file permissions, locked configuration files, PHP execution blocked in uploads, XML-RPC disabled, and admin login rate limiting — maintained without manual intervention.
Server-level rate limiting on wp-login.php, automatic IP blocking on repeated failures, and CAPTCHA integration. Offending IPs are added to the block list instantly.
Every site runs in an isolated Enhance CP container. A compromised site cannot affect neighbouring accounts — no shared PHP processes, no shared filesystem access between customers.
Continuously updated threat intelligence blocks known malicious IPs at the server level. Country-level blocking available where appropriate.
Weekly automated scans across all WordPress installations identify vulnerable plugins, themes, and core files. Bulk update tools apply patches server-wide automatically.
Idle admin sessions are terminated automatically, reducing the risk of session hijacking. Secure login keys are refreshed regularly across all sites.
Server-wide outbound spam filtering protects your server IP reputation and ensures reliable email delivery — critical for WooCommerce order confirmations and contact forms.
Per-site MySQL resource limits prevent a runaway query or traffic spike from affecting other sites. Your database stays stable under pressure.
SSL certificates are provisioned, installed, and auto-renewed for every domain. You will never have an expired certificate or an insecure browser warning.
Our bare-metal infrastructure runs on dedicated hardware in a UK data centre with physical access controls, CCTV, and biometric entry. Servers are not shared between customers or with any third party.
We run Enhance CP as our control panel — a modern, security-first platform with container-based site isolation, role-based access controls, and a minimal attack surface compared to traditional cPanel or Plesk deployments. Each customer account and each site is isolated at the OS level.
LiteSpeed Enterprise provides built-in anti-DDoS, connection throttling, and bandwidth throttling at the web server level — before requests reach PHP or WordPress. Combined with our server security layer and QUIC.cloud, this means three independent layers of threat filtering on every request.
All server access is restricted to authenticated staff via SSH key authentication. Password-based SSH is disabled across all infrastructure. OS and software patches are applied on a regular schedule, with critical security patches deployed as emergency updates.
Every plan — from Launch at £25/mo — includes the full dual-layer security stack described above.