WordPress Hosting · Security

WordPress security that starts before your site

Most WordPress attacks are automated: bots probing wp-login, exploit scanners, request floods. On G7Cloud that traffic meets ScaleShield at the edge — and what does get through lands in a container that is yours alone.

ScaleShield WAF + bot filtering in front of every site
Free automatic TLS on every domain — wildcard certificates included
Per-site container isolation with one database per site
2FA, scoped SFTP sub-accounts, team roles and audit logging

Defence in layers

Six concrete security measures on every plan

No vague "enterprise-grade" claims. These are the specific, code-verified protections your WordPress site gets from day one.

ScaleShield WAF & bot filtering

Every request passes through ScaleShield before reaching your container. WAF rules and bot detection drop automated attack traffic at the edge — it never touches PHP.

Free TLS, wildcard included

Automatic certificates on every domain and subdomain, renewed without you thinking about it — plus expiry alerts from our monitoring so a lapsed cert never surprises you.

Per-site container isolation

One container per site means no shared PHP process, no shared filesystem. A vulnerability in another customer’s site is their problem, not yours — and vice versa.

One database per site

Your MariaDB database holds your data and nothing else. There is no shared instance where a neighbouring site’s SQL injection could wander into your tables.

2FA & team roles

Two-factor authentication on dashboard accounts, and five team roles (owner, admin, developer, editor, viewer) so nobody gets more access than their job needs.

Scoped SFTP & audit logging

Create SFTP sub-accounts scoped to a single site for contractors, and see who did what: mutating admin actions on the platform are audit-logged.

Why isolation matters

The quiet risk of shared hosting is other people

On a typical shared server, hundreds of WordPress sites live on one filesystem behind one PHP service. When one of them runs an abandoned plugin with a known exploit, the attacker's next move is lateral — and the neighbours are the target. That is not a hypothetical; it is the standard pattern of mass WordPress compromises.

G7Cloud's answer is architectural, not bolted on: there are no neighbours inside your container. Your files, your PHP processes and your MariaDB database are yours alone. The worst day of the noisiest customer on the platform has no path to your site.

  • No shared filesystem — nothing to traverse into
  • No shared PHP workers — no cross-site process access
  • No shared database instance — your tables stand alone
  • Restore-tested backups if you ever need to roll back

Straight talk

What we protect — and what stays your job

The platform handles

  • WAF and bot filtering at the edge (ScaleShield)
  • TLS certificates, renewal and expiry alerts
  • Container and database isolation per site
  • Backups, restore-tested nightly
  • Account security: 2FA, roles, scoped SFTP, audit logs

You still own

  • Keeping WordPress plugins and themes updated
  • Strong admin passwords for wp-admin itself
  • Choosing plugins with a maintenance track record
  • Removing themes and plugins you no longer use

We make that side safer too: clone your site before a risky update and test it on the copy first.

WordPress security — honest answers

What exactly does ScaleShield do?

ScaleShield is the edge layer in front of every G7Cloud site. It terminates TLS, applies WAF rules and filters automated bot traffic — the exploit scanners, credential-stuffing scripts and request floods that make up a large share of raw traffic to any WordPress site. That traffic is dropped at the edge, before it ever consumes your container’s PHP workers.

Do I still need a WordPress security plugin?

The platform covers the network and infrastructure layers: WAF and bot filtering, TLS, per-site isolation, scoped access and restore-tested backups. WordPress-level hygiene is still yours to own — keeping plugins updated, using strong passwords, removing unused themes. Site cloning makes those updates safe to test first. We would rather tell you that than pretend a hosting plan makes plugin maintenance optional.

Are you SOC 2 or ISO 27001 certified?

No — we are a small UK engineering team and we do not claim certifications we do not hold. What we offer instead is verifiable specifics: dedicated containers per site, one database per site, ScaleShield WAF in front of everything, 2FA on accounts, scoped SFTP sub-accounts, audit logging of admin actions, and backups that are restore-tested every night.

What happens if my site is compromised anyway?

Isolation limits the blast radius: a compromised plugin on your site cannot reach any other customer, and no other customer’s compromise can reach you. For recovery you have daily backups — every one restore-tested nightly — with full, single-file and database-only restore, so you can roll back to a known-good state.

How is access to my site controlled?

Dashboard accounts support two-factor authentication and team roles (owner, admin, developer, editor, viewer), so a contractor never needs your owner login. SFTP supports scoped sub-accounts — grant a developer access to one site’s files without exposing anything else — and mutating admin actions are audit-logged.

Related reading: performance, maintenance & backups and WordPress support & maintenance.

Put ScaleShield in front of your WordPress site

WAF, bot filtering, wildcard TLS and true per-site isolation — included on every plan from £9/month, with a 30-day money-back guarantee.