WordPress security that starts before your site
Most WordPress attacks are automated: bots probing wp-login, exploit scanners, request floods. On G7Cloud that traffic meets ScaleShield at the edge — and what does get through lands in a container that is yours alone.
Defence in layers
Six concrete security measures on every plan
No vague "enterprise-grade" claims. These are the specific, code-verified protections your WordPress site gets from day one.
ScaleShield WAF & bot filtering
Every request passes through ScaleShield before reaching your container. WAF rules and bot detection drop automated attack traffic at the edge — it never touches PHP.
Free TLS, wildcard included
Automatic certificates on every domain and subdomain, renewed without you thinking about it — plus expiry alerts from our monitoring so a lapsed cert never surprises you.
Per-site container isolation
One container per site means no shared PHP process, no shared filesystem. A vulnerability in another customer’s site is their problem, not yours — and vice versa.
One database per site
Your MariaDB database holds your data and nothing else. There is no shared instance where a neighbouring site’s SQL injection could wander into your tables.
2FA & team roles
Two-factor authentication on dashboard accounts, and five team roles (owner, admin, developer, editor, viewer) so nobody gets more access than their job needs.
Scoped SFTP & audit logging
Create SFTP sub-accounts scoped to a single site for contractors, and see who did what: mutating admin actions on the platform are audit-logged.
Why isolation matters
The quiet risk of shared hosting is other people
On a typical shared server, hundreds of WordPress sites live on one filesystem behind one PHP service. When one of them runs an abandoned plugin with a known exploit, the attacker's next move is lateral — and the neighbours are the target. That is not a hypothetical; it is the standard pattern of mass WordPress compromises.
G7Cloud's answer is architectural, not bolted on: there are no neighbours inside your container. Your files, your PHP processes and your MariaDB database are yours alone. The worst day of the noisiest customer on the platform has no path to your site.
- No shared filesystem — nothing to traverse into
- No shared PHP workers — no cross-site process access
- No shared database instance — your tables stand alone
- Restore-tested backups if you ever need to roll back
Straight talk
What we protect — and what stays your job
The platform handles
- WAF and bot filtering at the edge (ScaleShield)
- TLS certificates, renewal and expiry alerts
- Container and database isolation per site
- Backups, restore-tested nightly
- Account security: 2FA, roles, scoped SFTP, audit logs
You still own
- Keeping WordPress plugins and themes updated
- Strong admin passwords for wp-admin itself
- Choosing plugins with a maintenance track record
- Removing themes and plugins you no longer use
We make that side safer too: clone your site before a risky update and test it on the copy first.
WordPress security — honest answers
What exactly does ScaleShield do?
ScaleShield is the edge layer in front of every G7Cloud site. It terminates TLS, applies WAF rules and filters automated bot traffic — the exploit scanners, credential-stuffing scripts and request floods that make up a large share of raw traffic to any WordPress site. That traffic is dropped at the edge, before it ever consumes your container’s PHP workers.
Do I still need a WordPress security plugin?
The platform covers the network and infrastructure layers: WAF and bot filtering, TLS, per-site isolation, scoped access and restore-tested backups. WordPress-level hygiene is still yours to own — keeping plugins updated, using strong passwords, removing unused themes. Site cloning makes those updates safe to test first. We would rather tell you that than pretend a hosting plan makes plugin maintenance optional.
Are you SOC 2 or ISO 27001 certified?
No — we are a small UK engineering team and we do not claim certifications we do not hold. What we offer instead is verifiable specifics: dedicated containers per site, one database per site, ScaleShield WAF in front of everything, 2FA on accounts, scoped SFTP sub-accounts, audit logging of admin actions, and backups that are restore-tested every night.
What happens if my site is compromised anyway?
Isolation limits the blast radius: a compromised plugin on your site cannot reach any other customer, and no other customer’s compromise can reach you. For recovery you have daily backups — every one restore-tested nightly — with full, single-file and database-only restore, so you can roll back to a known-good state.
How is access to my site controlled?
Dashboard accounts support two-factor authentication and team roles (owner, admin, developer, editor, viewer), so a contractor never needs your owner login. SFTP supports scoped sub-accounts — grant a developer access to one site’s files without exposing anything else — and mutating admin actions are audit-logged.