Every site is served through Cloudflare's global network with DDoS mitigation, TLS termination, and bot filtering. The origin server is hidden and only accepts verified Cloudflare traffic.
Web ports accept connections exclusively from Cloudflare IP ranges. Direct-to-origin attacks are dropped at the network layer, so edge protection cannot be bypassed by connecting to the origin directly.
ModSecurity inspects every request in real time and blocks brute-force logins, XML-RPC abuse, and known exploit patterns before they reach any application — tens of thousands of malicious requests stopped daily.
Automated detection bans abusive IPs after repeated failures. Per-IP request caps and connection limits mitigate credential-stuffing and CC (HTTP flood) attacks across all hosted sites.
Each hosting account runs with isolated resources under CloudLinux LVE. Administrative SSH access is key-only on a non-standard port with password login fully disabled.
ImunifyAV continuously scans hosted sites for malware and injected code. Daily AIDE checksums and rootkit scans detect any unauthorized changes to system files.
Automated monitoring covers service health, resource abuse, cryptojacking, and abnormal traffic, with instant alerts so issues are addressed before they impact your sites.
Full account backups — files, databases, and configuration — run daily and are replicated to a separate off-site server, ensuring fast recovery in any scenario.