Magento Security Starts With Isolation
Your store runs in its own container with its own database — there is no shared web root for a neighbour's compromise to spread through. In front of it: ScaleShield WAF and bot protection. Behind it: backups proven by a real restore every night.
Isolation
One store, one container, one database
Most ecommerce breaches on cheap hosting spread sideways: one outdated site on a shared server infects fifty neighbours. That path does not exist here.
Isolated containers
Every store runs in a dedicated container with its own filesystem and its own PHP processes. There is no shared web root, so a compromised neighbour has nothing of yours to read or write.
A database of your own
One MariaDB database per store — never shared tables, never shared credentials. Order data, customer accounts and admin users live in a database only your store can reach.
Scoped SFTP access
SFTP on port 2222 with scoped sub-accounts: give an outside developer access to exactly the directories they need, and revoke it without changing your own credentials.
At the edge
ScaleShield: the traffic your store never has to fight
Ecommerce sites attract a particular kind of abuse: card-testing bots cycling stolen numbers through checkouts, credential-stuffing attempts against customer logins, and scrapers that hammer layered navigation with thousands of expensive uncached requests.
- Web application firewall in front of every store — malicious requests filtered before they reach PHP
- Bot protection that keeps automated abuse off your checkout and out of your analytics
- Free automatic TLS on every domain, including wildcard certificates — with expiry alerts so a lapsed certificate never takes your store down
People & access
Most breaches walk in through the front door
Stolen credentials compromise more stores than clever exploits. The controls that matter are the boring ones — so we built them all in.
Two-factor authentication
Protect your G7Cloud account with 2FA, so a leaked password alone cannot reach your hosting controls.
Team roles
Owner, admin, developer, editor and viewer roles mean your bookkeeper never has deploy rights and your developer cannot delete the account.
Audit logging
Mutating actions are recorded: who restored the backup, who changed the PHP settings, who added the SFTP account — with timestamps.
WireGuard networking
On Pro and above, a per-tenant WireGuard private network gives you encrypted private access to your container — no exposed management ports.
Recovery
Security is being able to recover
No layer of prevention is perfect — ours included. What separates a bad day from a catastrophe is whether you can get back to a known-good state quickly and with confidence.
- Every backup is restore-tested nightly: a real restore into a sandbox, automatically verified — you find out a backup is broken from us, not during an incident
- Restore a single tampered file or just the database — surgical recovery instead of rolling the whole store back a day
- Off-site copies to your own S3, R2 or SFTP target keep your history outside our platform
- MariaDB hot-standby replication runs underneath your database
- Worker-local routing means your store keeps serving customers even if our management plane goes down
The incident playbook, built in
- 1.Something looks wrong — an alert fires from per-minute monitoring, or you spot a modified file.
- 2.Check the audit log and file timestamps over SFTP or the in-browser terminal to scope what changed.
- 3.Restore the affected files or database from a verified backup — one you already know restores cleanly, because it was tested last night.
- 4.Rotate credentials: dashboard password, 2FA review, SFTP sub-accounts, Magento admin users.
What we deliberately don't claim
Security pages in this industry are full of borrowed badges. Here is our honest position:
- We hold no compliance certifications, and we will not imply otherwise. Card data on a typical Magento store is tokenised by your payment gateway and never touches your server — that is where the certification lives.
- We do not patch your Magento application for you. We give you safe conditions to do it: manual pre-change backups, single-file restore, SFTP and a terminal.
- We publish no uptime percentage. Instead you get independent per-minute monitoring and alerts — measure us yourself.
Everything we do claim on this page is a live, verifiable platform feature. That trade — fewer badges, more substance — is the whole idea behind our Magento hosting.
FAQ
Security questions, answered straight
Is G7Cloud PCI-DSS certified?
No, and we will not pretend otherwise with a badge wall. On a typical Magento store, card details are tokenised by your payment gateway (Stripe, PayPal, Adyen and similar) and never stored on the server — your gateway holds the certification for card handling. What we provide underneath is honest, verifiable hardening: isolated containers, a WAF, TLS everywhere, 2FA and tested backups.
Do you patch Magento for me?
Applying Magento application patches is your or your agency’s job — we think pretending otherwise is how stores get breached. What we make sure of is that patching is safe and easy: take a manual backup first (restorable to a single file if needed), test with SFTP or the in-browser terminal, and roll back cleanly if something breaks.
What happens if my store is compromised?
You have real recovery options, not just sympathy. Restore the whole site, a single tampered file, or just the database from any backup — and because every backup is restore-tested nightly in a sandbox, you know the restore will work before you need it. Off-site copies on your own S3, R2 or SFTP target mean an attacker with dashboard access still cannot destroy your history.
Who can access my store’s container and files?
You control that. SFTP supports scoped sub-accounts so a developer gets exactly the directory access they need and nothing more. Dashboard access supports two-factor authentication and team roles (owner, admin, developer, editor, viewer), and mutating actions are audit-logged so you can see who did what, when.
What does ScaleShield actually block?
ScaleShield sits in front of every site as a web application firewall with bot protection and automatic TLS. For Magento stores the bot layer matters most: card-testing bots probing your checkout and scrapers hammering layered navigation get filtered at the edge before they consume your PHP workers or pollute your analytics.
Running WooCommerce instead? See WooCommerce hosting — or compare every way to run a store on our ecommerce hosting hub.