Security Built into Every Layer
From the edge firewall to the data center perimeter, every Propagate Hosting plan includes enterprise-grade security. No plugins to install, no extra fees, no configuration required.
See PlansIncluded on Every Plan
These are not premium add-ons. Every account gets the full security stack.
Web Application Firewall
A WAF running at the network edge inspects all incoming traffic before it reaches your server. Pre-configured rules target the OWASP Top 10 vulnerabilities (SQL injection, XSS, path traversal, and more) and are updated continuously from commercial and custom threat feeds.
Enterprise DDoS Protection
Enterprise-grade distributed denial-of-service protection is active on every plan, covering volumetric Layer 3/4 and advanced Layer 7 attacks. Large-scale attacks are absorbed and mitigated without impacting the availability of your site.
Free SSL/TLS on Every Site
Let's Encrypt certificates are automatically provisioned and renewed for every hosted domain. HTTPS is standard. There is no configuration required and no upgrade needed.
Automatic Malware Scanning
Every site is scanned daily using commercial and in-house malware detection tools. If a threat is detected, PHP mail is automatically disabled to prevent outbound abuse, and you are notified so the issue can be addressed.
Brute Force Protection
Automated login attack blocking stops brute force attempts at the network level before they reach your application.
Multi-Layer Email Security
Inbound email is filtered at multiple stages: network-level IP reputation checks, virus signature matching, and content analysis. SPF and DKIM authentication are supported on outbound mail.
Infrastructure and Data Center Security
Physical security and certified compliance underpin everything we run.
Enterprise-Grade Data Centers
Our hosting runs in enterprise-grade data centers with comprehensive physical and information security controls, independent audits, and compliance programs.
Physical Security
24/7 on-site security personnel, CCTV monitoring, gated and fenced perimeters, and swipe-plus-photo-ID access control. Physical access to server hardware is strictly limited and audited.
Isolated Server Roles
Web, database, email, and logging servers run on separate, isolated infrastructure. A compromise of one role cannot spread laterally to others, limiting the blast radius of any incident.
Redundant Power
Redundant, uninterruptible power supplies and backup generators ensure continuous operation during power disruptions.
Timeline Backups
30-day snapshots of your website files and email, plus 60-day database snapshots. Restore individual files and folders — not just full-site rollbacks.
Least-Privilege Access
Internal staff access to customer systems follows the principle of least privilege. Personnel can only access what they need to do their jobs, and all access is logged.
Tools You Control
Security controls you can manage directly from your hosting dashboard.
Two-Factor Authentication
Enable TOTP-based two-factor authentication on your control panel and SSH access. A second factor prevents account compromise even if your password is exposed.
IP and Country Blocking
Block specific IP addresses or entire countries from accessing your site or control panel, useful for reducing attack surface and bot traffic.
SFTP and SSH with TLS
All file transfers use TLS encryption. You can lock down FTP/SFTP/SSH access to specific IP addresses for additional protection.
Automated and Manual Backups
Your plan includes automated backups on a regular schedule. You can also trigger manual backups on demand before making significant changes.
File Permissions Checker
Identify files with insecure permissions that could be exploited. Run a permissions audit directly from your dashboard.
HTTP Security Headers
Configure security headers (including Content Security Policy, X-Frame-Options, and HSTS) directly from your hosting dashboard. No server configuration files required.
Security Included. No Upgrade Required.
Every plan includes our full security stack: WAF, DDoS protection, malware scanning, SSL, and more. You do not need to pay more or install plugins to get enterprise-level protection.