ScaleShield: WAF & bot protection on every site
ScaleShield is the security layer that sits between the internet and your site. It terminates TLS, filters out abusive bots and blocks attack traffic — all before a single request reaches your PHP, your app or your database. No plugin. No configuration. No extra charge.
The edge layer
What ScaleShield actually does
Three jobs, done at the edge, on every request — so your site only ever spends resources on real visitors.
TLS termination
HTTPS is handled at the edge with certificates we issue and renew automatically — free on every site, wildcard certificates included. You never touch a certificate file or set a renewal reminder.
Bot detection & filtering
Abusive automated traffic — content scrapers, credential-stuffing attempts against your login page, spam and probe bots — is identified and dropped before it reaches your site. Legitimate visitors and search-engine crawlers pass straight through.
WAF rules
Requests matching known attack patterns — SQL injection payloads, cross-site scripting attempts, exploit probes against common software — are rejected at the edge, before your application code ever runs.
Blocked before it ever hits your PHP
A WordPress security plugin can only inspect a request after WordPress has already booted: PHP starts, the database is queried, and only then does the plugin decide the request was junk. The attacker still cost you CPU, memory and database connections.
ScaleShield works the other way round. It sits in front of your dedicated container, so hostile traffic is dropped at the edge — your site never boots for it, never queries the database for it, and never slows down real visitors because of it. That matters most on login pages, search endpoints and checkout flows, where bot traffic is heaviest.
- Your container is never directly exposed to the internet
- Junk traffic consumes zero PHP workers and zero database connections
- Login and admin endpoints are shielded from credential-stuffing bots
- One layer, maintained by us — no rule sets for you to keep updated
The attack is blocked — but it already cost you server resources.
Hostile traffic never touches your container. Your resources serve real visitors only.
How a request reaches your site
From DNS to your dedicated container, in four honest steps.
DNS points at the edge
Your domain's A record points at 31.132.2.56 — the ScaleShield edge — not at the machine running your site.
TLS terminated
The HTTPS connection is terminated at the edge using your free, automatically renewed certificate.
Bot & WAF checks
Bot signatures are filtered and the request is inspected against WAF rules. Hostile traffic stops here.
Forwarded to your container
Clean traffic is routed to the dedicated container running your site — and nothing else is.
On by default. Nothing to manage.
ScaleShield activates the moment a site goes live on G7Cloud — whether it's a managed WordPress site, a git-deployed app, or a site you shipped with the AI Website Builder. There is no onboarding step, no rules dashboard you are expected to babysit, and no premium security tier.
No plugin to install
The protection lives at the network edge, outside your site entirely.
No certificates to renew
TLS certificates — including wildcards — are issued and renewed automatically.
No rules to maintain
WAF and bot rules are managed by us, platform-wide, for every customer at once.
No security surcharge
ScaleShield is part of the platform baseline on every plan, Free included.
ScaleShield works best with…
Edge security is one layer of the platform. It pairs with the rest of what every G7Cloud site gets:
- Per-minute uptime monitoring — so you know your site is up, from independent checks, not a marketing badge.
- Backups that are restore-tested nightly — the recovery layer for when something goes wrong inside the site itself.
- UK infrastructure we run ourselves — dedicated containers, one per site, behind the ScaleShield edge.
ScaleShield FAQ
Straight answers about what the edge layer does — and doesn't do.
Is ScaleShield included on every plan?
Yes. ScaleShield sits in front of every site on G7Cloud — including sites published on the Free plan of the AI Website Builder. It is not an add-on and there is nothing extra to pay.
Do I still need a WordPress security plugin?
ScaleShield replaces the firewall and bot-blocking layers of a typical security plugin, and it works before a request ever reaches WordPress — so junk traffic never consumes your PHP workers or database. Plugins that do other jobs (login hardening, malware scanning inside wp-content) can still be useful, but you no longer need a plugin just to filter traffic.
Will ScaleShield block search engines or real visitors?
No. The bot filtering targets abusive automated traffic — scrapers, credential-stuffers, spam and exploit bots. Ordinary visitors and legitimate search-engine crawlers pass straight through to your site.
How do custom domains connect to ScaleShield?
You point an A record at 31.132.2.56 — the ScaleShield edge. Traffic arrives there first, gets TLS-terminated and filtered, and clean requests are forwarded to your dedicated container. Your container is never exposed directly to the internet.
Does ScaleShield handle my SSL/TLS certificates?
Yes. TLS is terminated at the edge with free certificates that are issued and renewed automatically — including wildcard certificates. You never install, upload or renew a certificate yourself.
Is there anything to install or configure?
No. ScaleShield is active from the moment your site goes live. There is no plugin, no DNS puzzle beyond a single A record for custom domains, and no rule set for you to maintain.