Here’s How We Keep Your Websites Safe at Hostinger

With tens of thousands of websites attacked and new pieces of malware discovered each day globally, business owners need to take their site security seriously. Safeguarding your online presence is essential to protect sensitive data, maintain trust with your visitors, and ensure uninterrupted operations.

That’s why choosing a hosting provider that prioritizes security is not just a luxury – it’s a necessity. From resilient data centers to proactive monitoring, from firewalls to malware scanners, from backups to automatic updates – we offer all of this and much more for free to all our customers.

Read on and explore the measures and tools we have to maintain the security of your online presence. We’ll also share some tips on what you can do (and what not to do) to keep your websites intact.

Infrastructure

All your websites, emails, apps, and other digital projects you own with us are stored on physical servers distributed across 11 data centers on four continents. We set high standards not only for ourselves, but also for our partners, to ensure both physical and operational security and deliver robust services for your websites and other services.

Physical Security

Theft, fire, cable damage – there are all sorts of threats, so security starts with physical security.

As we don’t own or operate any data centers ourselves, we choose our partners very carefully and place high demands on the security and reliability of the facilities they offer to keep your data safe.

Fenced areas, security guards, 24/7 monitoring with video surveillance, and access control are must-haves for each of our data centers.

All premises feature redundant power and cooling systems, as well as multiple network connections. This means that even if one system fails or a line goes down, there is always a backup, so your sites will be up and running.

Monitoring and Maintenance

Take care of your business with peace of mind, while our dedicated in-house security team provides 24/7 server monitoring and tracks system performance and availability.

Scheduled, regular server and infrastructure maintenance, including operating system updates and security patches, help prevent 0-day security vulnerabilities from being exploited. Meanwhile, failover systems and regular alerts enable us to address service disruptions before they happen. This contributes to our 99.9% uptime guarantee for your websites and other services at Hostinger.

Our hosting infrastructure is fortified with advanced security modules like mod_security and PHP module, which intercepts malicious requests in PHP processing phase. It helps protect your websites from common types of web application attacks, such as SQL injection.

We also continuously scan all our systems and servers for vulnerabilities to detect potential security issues and running malware, and proactively implement fixes.

Website Security

Powerful, secure infrastructure – check. But that alone is not enough.

What makes web hosting special is that websites share server resources together. This means that an attack or activities on one website can affect other websites hosted on the same server. Distributed denial of service (DDoS) attacks and malware are just a few examples.

We not only prevent it but also give you the tools for a smooth and secure experience.

Firewall and DDoS protection

DDoS attacks have become part of our daily routine: in 2023, an average of 500 attacks a day targeted our infrastructure.

We employ a web application firewall and a DDoS traffic filter to protect your websites against these hacking attempts, data breaches, and malicious attacks. We also constantly assess the resilience of our systems with rigorous penetration tests. Here’s a simplified model of how our traffic filtering works:

For Business web hosting and all cloud hosting plan clients, our in-house content delivery network (CDN) provides an extra layer of protection against botnet attacks for free. It dynamically identifies and diverts malicious requests away from the origin server, thus protecting against downtime or service interruptions.

Meanwhile, Hostinger Website Builder clients get these benefits from Cloudflare CDN, which has servers in over 250 locations around the globe.

Malware Protection

Every website, application, or service hosted with us also gets robust malware protection. We partner with Monarx to identify and clean hundreds of millions of malware instances annually, such as webshells, uploaders, adware, ransomware, and redirects.

The anti-malware protection works on endpoints and servers, meaning that all websites are covered. In short, malware on one website will not harm other websites hosted there.

The service is free and automatically enabled for all our web and cloud hosting clients. As for VPS hosting, the tool is also activated and detects malware, but you need to purchase a license to remove it automatically.

Backups

Certainly, we always expect the unexpected. That’s why all your data is backed up so that you can restore your website at any time:

• Web hosting site backups occur weekly or daily, depending on the plan you choose.
• Cloud hosting client websites, as well as stores on Managed WooCommerce hosting plans, are backed up daily.
• When using Hostinger Website Builder, the initial backup is created when you publish your website, with subsequent backups automatically generated and stored for 30 days.
• All VPS hosting plans include weekly backups and one snapshot.

WordPress Security Enhancements

WordPress, the most popular content management system in the world, is highly popular at Hostinger as well: it powers roughly half of all our websites.

Therefore, in addition to all the other security measures mentioned in this article, we pay extra attention to the security of WordPress sites:

• WordPress Smart Automatic Updates provide a balance between security and stability. Configure which type of updates should be installed automatically and which ones you will install manually, and take advantage of pre-update backups in case issues arise.
• WordPress Vulnerabilities Scanner periodically checks WordPress core, plugins, and themes for security gaps. If anything comes up, you will be the first to know, along with further steps you should take to keep your website safe.

Unlimited Free SSL Certificates

We understand that in addition to having a secure website, you also strive to ensure the safety of your visitors. That’s why we were one of the first on the market to offer unlimited free Secure Socket Layer (SSL) certificates with automatic and free renewals.

A padlock icon in the browser’s address bar indicates that the data exchanged between a user’s browser and a website is encrypted. These SSL certificates are essential to protect sensitive information such as passwords and credit card details.

Access Management

Access and manage your websites securely: all plans include Secure Shell (SSH) access, offering a secure and encrypted method for remotely accessing and managing your website’s files and server configuration.

Furthermore, make use of our Secure Access Manager to streamline user access and permissions management and collaborate smoothly with your team or freelancers.

Domain Security

The domain name is the address people use to access your website or other online project, meaning its integrity is crucial. Secure it with Cloudflare Protected Nameservers, which are automatically enabled for all domains at Hostinger. This firewall-as-a-service helps ensure top-tier security and reliability against DDoS attacks, DNS tampering, and malicious redirection for your domains.

Additionally, our WHOIS privacy protection, free for a lifetime for eligible domains, keeps your personal information safe, helping you avoid spam messages, phishing campaigns, and other types of hacking attempts.

We also recommend that you protect your name or brand online. For example, abusers can impersonate you by registering a similar domain with a different ending – using .net or .org instead of .com, and so on. To avoid this, register other similar domains in advance.

Email Security

Each email account at Hostinger is shielded from spam, viruses, malware, phishing attempts, and other email security risks.

Powered by machine learning and real-time threat data updates, our enterprise-grade email protection blocks 99.9% of malicious content. This multi-level solution ensures that your inbox remains secure and you receive only the emails you need.

All email accounts at Hostinger have SPF, DKIM, and DMARC enabled by default. These authentication methods verify the origin of emails, ensuring they are sent from the claimed domains, protecting you from spoofing and abuse.

Furthermore, we actively track suspicious activity in email accounts. If we detect such activity, we suspend the email account and inform the customer so that they can take further action.

Data Security

We make every effort not only to ensure the security and availability of your websites but also to protect your data. Our compliance with all applicable laws and regulations, such as the GDPR in the European Union and the LGPD in Brazil ensures this.

You can read about this in detail in our Data Processing Addendum, and here are some highlights:

• We encrypt personal data in databases with secure hashing algorithms, including passwords. Even if malicious actors were to gain access to this data, they would not be able to use it without a decryption key.
• Employees’ computer hard drives are encrypted, and remote systems can only be accessed via VPN, safeguarding against unauthorized access.
• Two-factor authentication (2FA) is enabled across all applicable systems, providing additional protection against unauthorized access. 
• Role and function-based access provisioning ensures that employees only have access to the resources they need, and centralized audit and security logs maintain visibility into user access and changes.
• We adhere to industry standards such as OWASP secure coding practices, ensuring that security is integrated into every aspect of our development processes.

Tips and Recommendations to Safeguard Your Online Presence

No matter how secure the hosting is, if the password is easy to guess, the network and devices are unsecure. If the apps and plugins are full of vulnerabilities, bad actors will find another way.

As a website owner, you also have a role to play in ensuring the safety of your website and account.

With that in mind, our security experts have compiled a list of tips and recommendations to empower you to bolster the security of your online assets.

• Use strong passwords. Employ complex passwords for all your accounts to thwart unauthorized access. Additionally, enable social login and two-factor authentication for an added layer of security.
• Keep your credentials secure. Never share your login credentials with anyone. Instead, utilize our Access Manager feature to safely grant collaborators access.
• Use secure networks. Avoid public Wi-Fi networks, opting for trusted connections like your home or office, to access and manage your account. If you must use public Wi-Fi, connect with a VPN.
• Stay updated. Keep your operating system, CMS, and application extensions up to date with the latest versions to patch any known vulnerabilities.
• Regularly scan devices. Maintain the integrity of your devices by regularly scanning them with up-to-date antivirus software, minimizing the risk of malware.
• Use trusted providers. Download extensions, plugins, modules, and themes only from reputable and trusted sources to minimize the risk of installing malicious software.
• Back up regularly. Safeguard against data loss by routinely downloading backups of your website files and database to your local device. Additionally, ensure your emails are backed up to prevent any loss of critical information.
• Secure your contact forms. Spammers exploit website contact forms, flooding inboxes, reducing email delivery, and posing security risks. Secure your forms with captchas and antispam plugins to prevent this.

By implementing these security practices, you can significantly reduce the risk of security breaches.

Conclusion

We are committed to safeguarding your online presence with comprehensive security measures, from robust physical infrastructure to cutting-edge technology solutions. Our clients not only purchase quality hosting; they invest in peace of mind.

Remember, implementing the best security practices and staying vigilant are crucial for maintaining the security of your website and account. And if you have any questions or need help, our Customer Success team experts are here to assist you anytime.