We take security seriously, it’s our job to make sure that your WordPress sites are safe from hackers, viruses & malware. We use several layers of firewall protection, both hardware & software based. Along with the firewalls, we have locked down all non-essential to WordPress services on our servers. We employ several server & external side scanning services, including sucuri.

If for any reason your site is compromised while on our WPCloud system, we will make sure your site is cleaned & corrected within 24 hours, at no extra charge! We stand behind our commitment to security.

DDoS – Distributed Denial-of-Service Attack Protection

To protect our clients & infrastructure from DDOS attacks, we use the services of OVH Anti-DDOS.

Their system allows us to mitigate DDoS attacks while still allowing legitimate traffic to access your site.

The OVH network is capable of absorbing all attacks. With an additional 12 Tbps of capacity maintained in relation to the standard usage of all our customers, the OVH network is able to withstand, vacuum, and mitigate a high number of attacks. During the mitigation process, traffic is spread across 9 data centers and 3 continents, allowing for efficient attack vacuuming.

Mitigation At OVH consists of filtering illegitimate traffic and hoovering it up with their VAC technology, while still letting legitimate packets go through.

The VAC system consists of multiple devices, each with a specific function to block one or more types of attack (DDoS, Flood, etc.).

OVH recently protected it’s infrastructure against the largest DDoS attack ever recorded, they are real World tested & ready.

DDoS protection is offered to all our clients at no extra charge.

DATA CENTRE SECURITY OVERVIEWMore details are available here.


All aspects of your account are protected by brute force login attempts. This includes WordPress, sFTP, cPanel, Email & even your support account login.

Our WordPress brute force protection is three-pronged & very effective!

1. As each incorrect login attempt is made, each additional request will be throttled. The amount of throttling time increases with each failed login attempt. This slows any bot down to a crawl by the 10th login attempt & is usually enough to make the bot lose interest & move on.

2. If the attack continues past our throttling, the IP will be banned for a set time limit.

3. Our system uses both AI & shared data from all of our firewall logs to protect all clients from attacks recorded our infrastructure & our network of honeypots. This allows us to proactively protect your site based on attacks recorded on any part of our infrastructure. This shared intelligence is a very valuable protection tool.

WAF – Web Application Firewall

The WAF is equipped to screen & filter out any malicious attempts like DDoS, XSS injection, SQL injection attacks & other malicious activities. The WAF also allows us to perform virtual plugin patching & WordPress hardening measures. It’s also a very valuable tool in our security tool-set & one of the final lines of protection for your WordPress site on WPCloud.