Hacker Free WordPress Security

We’re designed to make sure your sites are safe and secure.

Because of it’s popularity, WordPress has become a target for hackers and malicious users across the internet. We’re always on top of the latest WordPress security vulnerabilities and proactively block threats when we can. We work hard to make sure your sites are safe and secure.

No more WordPress security plugins
WPhost handles all WordPress security at the server level – this means there’s no need for any security plugins. Since conflicting plugins bring performance issues of their own, we recommend that you don’t even install them.

While most WordPress sites don’t need to worry about DDOS attacks, an advanced option is to add Cloudflare to your WordPress site. WPhost is a CloudFlare Certified Partner. All WPhost plans now include our built-in global Content Delivery Network (powered by Fastly) for free.

Keeping plugins up-to-date is one of the best ways to ensure your site is secure and running great! However, we know that managing plugin updates is time consuming and distracts from other valuable work that can grow your business. With WPhost Managed Plugin Updates you can get back to work and trust that your site will always be up-to-date and online. Enroling your site allows you to offload this tedious task!

New Zealand's only dedicated WordPress hosting NZ provider with CDN points strategically located in Auckland and Wellington

Security-focused WordPress hosting

How we work hard to keep your sites safe and secure:

Managed WordPress Updates

WPhost ensures your site is running the latest and greatest version of WordPress. Managed WordPress hosting means we handle all core WordPress updates for you so your WordPress software will always be up to date and secure. These updates often include security patches and fixes, which close any loopholes that hackers may have discovered. On WPhost, security updates are rolled out within days of their release.

Free Malware Removal

Nobody wants to have tasteless ads show up on their homepage, so our team of WordPress experts work hard to make sure your website is malware-free. Unfortunately, there’s always a small chance hackers could find their way around your defence so in the unlikely event that your site is hacked or compromised, our team of WordPress Experts will quickly and carefully undertake our free malware removal service and fix it!

WordPress core files locked down

On WPhost, nobody can overwrite your WordPress core files. Everything in your WordPress install is locked right down, aside from your custom content. This also means users can’t edit your core files which is a good thing – it’s best practice to leave core files alone as they’ll get swapped out in WordPress updates. What’s more, you don’t want your hard work getting wiped out every time WordPress is updated!

Brute force attack blocks

At site level, all WPhost sites have a highly effective plugin installed to block repeatedly failed login attempts – this is highly effective at making brute-force attacks difficult or even impossible to perform. In the rare of occasion that a user has forgotten their password and keeps trying dozens of time in just a few minutes, they’ll see a ban page but will be presented with easy, on-screen instructions to get their IP un-banned.

Intelligent IP blocking

Our security systems use intelligent IP blocking to detect and block intruders across all sites on the WPhost network within seconds. We monitor popular points of entry for hackers and immediately lock out any IP address trying to get through. These points include:

  • Failed SSH Access Attempts
  • Failed WordPress Login Attempts
  • Spam WordPress Comments
  • XMLRPC Connections

WPhost uses a variety of techniques to block traffic starting with preventing known malicious IP addresses from opening a session with the server. Another layer of security detects “banned” access attempts and displays a cached page to the visitor stating that their connection has been banned. Since banned IP information is shared across sites, we develop a kind of “herd immunity” in real time as attacks come in. Your site’s protected from hackers before they even try to attack!

Google Cloud Platform

Infection Insurance

We pride ourselves in keeping your sites safe and secure through our preventative WordPress security measures.

Malware prevention is ongoing where our systems must react and adapt to new WordPress threats introduced by third-party plugins, WordPress themes and weak passwords. Unfortunately, there’s always a small chance hackers could find their way around your defence and some clients may want an extra level of assurance, and even greater peace of mind. This is why we offer Infection Insurance. Infection Insurance is now included free with all Silver, Gold, Platinum and Agency plans.

WordPress Infection Insurance
  • If we learn of a wide-spread malware vulnerability within a plugin we will alert you of our recommended action.
  • In the event you find your site has been compromised, or your site is hacked, our WordPress Experts will jump in right away and get to work cleaning up the infection – for free! Alternatively, we’ll urgently restore the site to any of your 30 most recent backups.
  • Immediately following the cleaning of your site, our team will check your website’s blacklist status with blacklist authorities. A blacklisted site loses at least 95% of it’s traffic.
  • Finally, we’ll take a hacker’s view to bring you real time information about what plugins are vulnerable so you can act accordingly. Leveraging the WPScan Vulnerability Database, we’ll detect known security vulnerabilities and address issues such as CSRF (Cross-Site Request Forgery), XSS (Cross-site scripting) and RFI (Remote File Inclusion).