Secure Hosting Done Right.

The 3 Major Components of Hosting Security

There are 3 major components for maximizing your hosting security:

  1. HostM’s Security Practices

    HostM is responsible for the security of our servers and takes data protection and information security very seriously. In order to safeguard your data, we implement a multi-faceted approach:

    • Secure Hosting Features
    • Physical Security
    • Redundancy and Business Continuity
    • People Processes

    These are detailed in the sections below.

  2. Web Developers’ Security Practices

    Web developers are responsible for the security of your web app(s) by ensuring that they implement secure coding practices. Care should be taken to significantly reduce or eliminate vulnerabilities in web apps before deployment.

    Security threats that need to be addressed by web developers include but are not limited to: cross-site scripting, cross-site request forgery, SQL injection, code injection, path disclosure, arbitrary code execution, memory corruption, data breaches, file inclusion, and buffer overflow.

  3. Account Owners’ and Website Operators’ Security Practices

    Account owners and website operators are responsible for the security of their hosting and email account(s). Our guides on how to Secure a Compromised Website or Hosting Account and how to Secure a Compromised Email Account provide important guidelines and security best practices.

    For example, account owners and website operators should aim to install only web apps provided by reputable and competent web developers who are committed to web security, and to keep web apps up-to-date at all times so that ongoing security fixes provided by the developers are properly implemented.

Secure Hosting Features

Your HostM account comes with many secure hosting features to help protect your websites and email for peace of mind.

Many of our secure hosting features and more specific details are confidential for obvious security reasons, but here is a partial overview:

  • Server Firewalls, IPS, and IDS

    All hosted services are protected by our network and server firewalls, intrusion prevention and detection systems, which prevent many types of unauthorized access to services such as your hosting control panel, FTP, email, and websites.

  • Web Application Firewall (WAF)

    All websites are protected by our Web Application Firewall which stops many types of website hacking attempts in their tracks.

  • Anti-Malware System

    All websites are continually monitored by our anti-malware system and infected files are automatically cleaned or removed where detected. Anti-virus scans can also be run at any time via your hosting account’s cPanel.

    Since new forms of malware are being created all the time, it is not technically possible for any anti-malware security system to be able to protect against all forms of malware.

  • SPF, DKIM and DMARC

    All domains hosted at HostM and correctly utilizing our DNS and mail servers are automatically protected by SPF, DKIM and DMARC, minimizing the effects of spammers attempting to spoof your domains.

  • Hotlink Protection

    Hotlink protection can be enabled via your cPanel, preventing other websites from embedding your images and stealing your bandwidth.

  • Login Limiters

    Multiple unsuccessful login attempts from the same IP to services such as cPanel, FTP, SSH, and email will cause the security system to temporarily block the IP, greatly limiting the effectiveness of such attempts.

  • Anti-Spam System

    Both incoming and outgoing email messages are automatically scanned and filtered by our anti-spam system. This helps protect you from potentially harmful messages and limits the severity of the loss of your domains’ email and IP reputations.

  • DDOS Mitigation

    Our networks, firewalls and LiteSpeed Hosting setup are configured for DDOS mitigation, limiting the effectiveness of such attempts.

  • Caged File System

    Each hosting account is isolated from other hosting accounts on our systems, preventing data access from other hosting users or malicious parties who compromise other hosting accounts.

  • Encrypted Email Messages

    GnuPG can be set up via your hosting account’s cPanel so that email messages are encrypted and can only be decrypted by the intended recipient of a message.

  • Secure Email Traffic

    All email traffic including POP3 and IMAP is encrypted (scrambled) while in transit using TLS/SSL.

  • Secure cPanel Traffic

    All cPanel traffic is encrypted (scrambled) while in transit using TLS/SSL.

  • Secure FTP Traffic

    All FTP traffic is encrypted (scrambled) while in transit using TLS/SSL or SFTP.

  • Secure Client Lounge

    The entire HostM website, including the Client Lounge, is secured using TLS/SSL.

  • Unlimited HTTPS Hosting

    Free or paid SSL certificates can be installed on any or all of your domains, allowing traffic to and from your websites to be encrypted.

  • HTTPS Web App Installation

    Our built-in web app installer allows you to install web apps directly onto HTTPS-enabled domains within your hosting account.

  • HTTP/2 Hosting

    Provides secure compression features and defines a TLS profile that’s required, including the version, a ciphersuit blacklist, and extensions utilized, for HTTPS-enabled domains.

  • Server Name Indication (SNI)

    Allows you to have multiple SSL certificates installed on your HostM hosting account, so that you can secure as many of your hosted domains as you wish.

  • Strict Transport Security (HSTS)

    For HTTPS-enabled domains, this ensures that modern web browsers know to connect via HTTPS right off the bat, without first trying HTTP and then redirecting to HTTPS.

  • Perfect Forward Secrecy (PFS)

    For HTTPS-enabled domains, this prevents past encrypted communications from being retrieved and decrypted should a long-term secret key be comprommised in the future.

Physical Security

Our servers are housed in some of the most secure data center facilities with security features including:

  • 24/7/365 Security Monitoring

    All data center facilities are guarded and monitored on a 24/7/365 basis by security personnel.

  • High-Security Perimeter

    A video-monitored high-security perimeter surrounds the data center facilities.

  • Controlled Entrance

    Access to the data center facilities is only possible via electronic access control terminals using a transponder key or admission card.

  • Security Footage Recording

    All movements are recorded and security footage is archived for monitoring purposes.

Redundancy and Business Continuity

  • Nightly Backups

    Our backup system keeps the latest nightly copy of your hosting account both locally and remotely. The purpose of our backup system is to allow HostM to restore data if necessary in case of hardware failure or other disasters at our end. With this in mind, the availability of nightly backups older than the latest copy is neither promised nor guaranteed.

    The existence of our nightly backup system is not meant to cause users to become complacent and start relying on it for other purposes. We reserve the right to reject, or charge an administrative fee to perform, any user-requested restoration from our nightly backup system.

    A free on-demand backup and restoration tool is available via cPanel for hosting account data, and a similar tool is available via Softaculous in cPanel for web apps managed by Softaculous.

    Hosting accounts containing abnormally large amounts of data may encounter issues with the various backup mechanisms, including our automated nightly backups. This can affect the integrity of the backup data. We recommend keeping your hosting account(s) as lean as possible to ensure maximal backup and restoration efficiency.

    As with any other information system, users are strongly encouraged to perform their own regular backups to guard against issues such as human errors when updating your websites and data loss caused by users or their associates implementing inadequate security measures.

  • Off-site Backups

    Secure copies of nightly backups are made to off-site locations for additional protection against unexpected events.

  • Uninterrupted Power Supplies

    The data centers are equipped with redundant uninterrupted power supplies, ensuring backup battery capacity. Emergency diesel-generated power is available on standby 24/7/365.

  • Cooling Systems

    Environmentally-friendly cooling systems are employed and climate control is effected via a raised floor system.

  • Fire Prevention

    Modern fire detection systems are in place and directly connected to the fire alarm centers of local fire departments.

People Processes

  • Security Training

    All personnel are provided with comprehensive internal security training to ensure that they implement good security practices.

  • Auditing

    Regular audits are performed and reviewed by management to ensure continued compliance by personnel to security protocols.

  • Authorization

    Personnel have different levels of security clearance, ensuring that they only have access to data that is relevant to the task at hand.

  • Dedicated Security Team

    A dedicated security team is on call 24/7/365 to respond to security alerts and events.


Get Started Today!

Should you have any further questions about our secure hosting setup, please feel free to contact us. If you’re ready to get started, click here to open your account today!