Secure WordPress hosting
Nothing is more important to us than the security of your website. Kinsta’s secure WordPress hosting solution implements active and passive measures to stop attacks in its tracks. We monitor your sites every two minutes for uptime, have very tight software-based restrictions in place, detect DDoS attacks as they happen, and proactively stop malicious code from entering our network.View Plans
All sites hosted on Kinsta are protected by Cloudflare’s enterprise-level firewall and includes free DDoS protection. We support two-factor authentication, IP Geolocation blocking, and automatically ban IPs that have more than 6 failed login attempts in a minute. Strong passwords are enforced on all new installs.
Hack fix guarantee
We have hardware firewalls, active and passive security, and other advanced features to prevent access to your data. But if your site is compromised, we’ll fix it for free.
We only support encrypted SFTP and SSH connections (no FTP) when accessing your WordPress sites directly and offer free Cloudflare certificates to enable HTTPS.
Nothing is ever 100% hack-proof. We automatically create 2 weeks worth of backups, meaning a hacked or defaced site can be instantly rolled back.
Complete isolation and latest security updates
Kinsta uses Linux containers (LXC), and LXD to orchestrate them, on top of Google Cloud Platform which enables us to completely isolate not just each account, but each separate WordPress site. All sites hosted on Kinsta are also protected by Cloudflare’s enterprise-level firewall, which includes free DDoS protection. This is a much more secure method than offered by other competitors. Because of the sheer scale of Google’s infrastructure, it enables our platform to simply absorb many DDoS attacks automatically.
Google also has relationships with some of the biggest ISPs in the world, which helps improve the security of your data in transit as it means less hops across the public internet. They also employ encryption at rest to store customer data.
We will also never host a WordPress site that is running on an unsupported version of PHP due to the fact that they no longer have security updates and are exposed to un-patched security vulnerabilities. We offer current supported versions only, PHP 8.0, 7.4, and 7.3. WordPress minor security patches are also automatically applied as soon as they are available to ensure your site is fully up to date.
All Kinsta servers and CDN support TLS 1.3, a new encryption protocol update that is both faster (reducing HTTPS overhead) and more secure than TLS 1.2.
Finally, someone recommended we try Kinsta. In less than 48 hours, we were full transferred over and the site was no longer broken! They fixed everything so quickly. The customer service is incredibly responsive, 24/7 access, very pleasant and timely. We are so thrilled to finally have a true hosting partner that understands and knows how to help us. We are planning a lot of growth in the next year and are grateful to have found a hosting partner we feel confident will help us succeed.
Extra security precautions and tools
Kinsta employs a lot of other security precautions to protect you. We remove the PHP version you're using from the HTTP headers on your WordPress site. Our open_basedir restrictions also don't allow execution of PHP in common directories that are prone to malicious scripts.
There is no need to worry about XML-RPC brute force attacks. These types of requests are blocked by default (unless whitelisted explicitly by our team) and will produce a 403 error, stopping them in their tracks.
Need to block a spammer? We've made this easy! In our MyKinsta dashboard, you will find an IP Deny tool you can use to block any IP address from hitting your site.
Want to lock down your site during development? We've got you covered with our one-click password protection (htpasswd) tool. Don't let the public access it until you or your client are ready.
Why secure WordPress hosting is important
WordPress in itself is not insecure, it’s usually bad user practices and out of date software that causes problems, including:
- Exploits targeting WordPress: using outdated or poorly coded plugins and themes or using outdated versions of the WordPress core.
- Compromised credentials: an attacker captures a user’s WordPress admin, database, SSH, or SFTP credentials.
Here are some additional reasons why secure WordPress hosting is so important:
- According to a 2019 study by Sucuri, a multi-platform security company, WordPress continues to lead the infected websites they worked on at 94% (up from 90% in 2018, 83% in 2017, and 74% in 2016) (Source).
- Over 43% of the web is powered by WordPress and according to internet live stats over 110,000 websites are hacked every day.
- 77% of WordPress users are using an unsupported version of PHP, 7.0 or lower. Meaning they are exposed to unpatched security vulnerabilities. (Source).
- “Fundamentally, security is not about perfectly secure systems. Such a thing might well be impractical, or impossible to find and/or maintain. What security is though is risk reduction, not risk elimination. It’s about employing all the appropriate controls available to you, within reason, that allow you to improve your overall posture reducing the odds of making yourself a target, subsequently getting hacked.” (WordPress Security Codex).
How secure is the competition?
Not only do users have problems, but even the competition has encountered major security breaches over the past couple years. This is why it is imperative that you choose a host you can trust that employs the latest security measures.
- Web host Hostinger says data breach may affect 14 million customers (Source).
- Bluehost, Dreamhost, Hostgator, OVH, and iPage vulnerable to user account hijacking (Source).
- Massive security flaw found with Bluehost, Hostgator, SiteGround, GoDaddy and other hosts (Source).
- WP Engine Security Breach: Customer Credentials Exposed (Source).
- Amazon AWS error exposes info on 31,000 GoDaddy servers (Source).
- Weebly hacked, 43 million user credentials stolen (Source).
- Bluehost sites hacked, including their CEO’s blog (Source).
- Media Temple WordPress installs hit with a WordPress redirect exploit (Source).
- GoDaddy, DreamHost, and Network Solutions hacked with malware (Source).
- SiteGround caused customers’ websites to be insecure due to their SG Optimizer plugin (Source).
Already with us
Kinsta is reliable and makes shipping changes easy. The support team was exceedingly helpful when we needed to migrate our blog. A+ on their support team.
Absolutely fantastic - cannot rate highly enough in terms of speed, support, and UI. Went from WP Engine to Flywheel, then to Kinsta and couldn't be happier.
Our agency has worked with all the major hosting platforms. Kinsta is crazy fast and the support is stellar! We moved all our clients to Kinsta and haven't looked back.
With Kinsta's professional support we sleep safely at night. And with the blazing fast servers, we serve our customers better than ever before!
Hands down one of the best bootstrapped WP hosting companies. Absolutely love their support staff and developer-friendly features (not to mention they are insanely fast).
Really love the level of experience and support Kinsta's live chat engineers provide. The 24/7 support is a game-changer for large sites, especially ecommerce.
Living in Australia, we’re used to unavailable live support from international services. This has changed with the Kinsta Support team who are professional, polite, always available and eager to help. Our search for a new hosting provider was due to hosting security concerns and unresponsive hosting partners. Migrating to Kinsta was a straightforward and surprisingly pleasant process. Since migrating iCompareFX.com, we are seeing faster website speeds, higher conversions within a more secure environment.
We truly cannot say enough about the level of customer service that Kinsta provides - it's always a great experience, with very personable and helpful support.
Great performance and the best technical support! Moved from WiredTree at which I experienced a lot of downtime since the acquisition. I’m amazed how my website’s performance drastically improved and is loading fast now. They do have the best support too. Specifically, the technical knowledge compared to the other hosting providers. Really glad I switched to Kinsta!
Kinsta has allowed us to offer a bulletproof service to our top tier clients and keep them happy. Especially those who have traffic spikes with sudden server demand.
Secure your brand’s online presence
Some of the world’s biggest brands and industries rely on Kinsta’s Secure WordPress hosting. Our expert team has your back 24/7. Ready to get started?