Every hosting account includes enterprise-grade security at no extra cost. Free SSL certificates, web application firewall, 1 Tbps DDoS protection, daily malware scanning, and two-factor authentication, all included.
Every 365i hosting account includes free wildcard SSL certificates, a web application firewall, 1 Tbps DDoS protection, daily malware scanning, and two-factor authentication. Data centres are ISO 27001 certified with 24/7 on-site security, redundant power, and biometric access controls. Security headers, brute force protection, and automatic patching are configured at the server level so you don't need third-party security plugins.
Your website is protected by overlapping security systems that work together. If one layer is bypassed, the next catches the threat.
1 Tbps DDoS mitigation filters malicious traffic at the network edge before it reaches your server.
Enterprise WAF inspects every HTTP request, blocking SQL injection, XSS, and path traversal attacks.
Free wildcard SSL certificates encrypt all data in transit. HTTPS everywhere, automatically.
Daily automated malware scanning detects threats before they cause damage. Detailed reporting included.
Two-factor authentication, brute force protection, and IP blocking keep unauthorised users out.
Three-tier spam and virus scanning protects your inbox from phishing, malware, and junk email.
SSL certificates are essential to secure web browsing and data transfer. We provide free SSL certificates that make every site we host HTTPS enabled.
Our free SSLs are wildcard certificates. This enables you to secure subdomains as well as your primary domain using a single certificate.
To take advantage, you only need to use our name servers for your domain.
Our Web Application Firewall (WAF) helps protect your data and software by blocking suspicious activity.
Web forms are often used to insert malicious code, such as SQL injection. This can give access to your database tables. Forms are not covered by traditional firewalls, as their nature is to allow information to pass from the user to the server.
Our WAF inspects every HTTP request for SQL injection, trojans, cross-site scripting, path traversal, and many other types of attack. It does this faster than the blink of an eye.
We regularly update our set of rules that filter out malicious requests.
DDoS attacks (Distributed Denial of Service) are an ongoing threat on the web. They flood your site with requests from numerous sources such that your site does not have enough resources to serve all the requests. Thus, your site goes down until the attacks stop.
Our anti-DDoS protection filters out malicious traffic, so you can carry on working without any interruptions. You will be unaware that the attack is happening, and the attackers are completely thwarted.
All websites on our WordPress, Windows, and Linux shared hosting platforms are scanned daily for common malware.
You receive a detailed report on the results of this scan in your My365i control panel.
WordPress users also have another way to check for malware, through our WordPress Checksum Report in our WordPress Tools suite. This checks that your WordPress core matches the official WordPress repository.
All emails and forwarders receive advanced antivirus and anti-spam protection through a three-tier scanning system:
Commercial anti-spam blacklists from Spamhaus, Invaluement, and Barracuda Networks are used to reject mail from known spam networks.
All known malware signatures are rejected, preventing infected attachments and malicious payloads from reaching your inbox.
Messages are scanned and scored for spam probability using advanced content analysis algorithms.
If your password is compromised, you need an extra layer of access security. We offer two-factor authentication (2FA) for My365i and SSH access.
Our 2FA provides you with a time-sensitive single-use code to enter as well as your password. 2FA app providers include Google and Microsoft.
We keep your accounts, data, payments, and identity secure.
Brute force login attempts use software to guess your passwords. They are largely random but if not stopped, eventually they will gain access.
Our platform includes brute force login protection which monitors log-in attempts to your website. It checks for what appears to be automated requests. If they are detected, it uses Google reCAPTCHA tools to check for humans, and if necessary blocks those attempts.
Logins to our WordPress hosting platform are the most popular target, but we automatically protect all common website logins.
This also keeps our platform fast as it blocks millions of requests every day.
Businesses that process payments online need to be PCI-DSS compliant.
To accept, store, and process debit/credit card information, the hosting must be compliant with Payment Card Industry Data Security Standards (PCI-DSS). These standards were introduced to reduce credit card fraud.
The PCI Security Standards Council are responsible for ordering regular tests on hosting providers. They test for vulnerabilities where hackers could potentially steal cardholder information.
365i platforms surpass these independent audits.
Our data centres are ISO 27001:2013 certified, meeting the highest international standards for information security management. Their security features include:
Your My365i control panel includes a suite of security management tools to protect your websites.
Block malicious IP addresses, entire subnets, or even whole countries from accessing your websites.
Quickly add passwords to parts of websites or whole sites, no coding required. Control access instantly.
Unlock FTP for a set period so you can make changes, then it reverts automatically to its locked state.
Check your website files for the safest permissions to keep your site secure. We recommend and fix errors automatically.
Create site backups quickly and easily, or set Timeline Backups to happen automatically. One-click restore.
Quickly create secure random passwords from within your control panel. Strong credentials in one click.
In early November 2025 one of our customer sites was compromised and started serving phishing content under the customer's own domain. The compromise wasn't subtle. Netcraft, an external security monitoring service, picked it up and filed a report. Sharing an IP with a host serving phishing is the kind of incident that puts the whole shared platform's reputation at risk for every other customer on the same edge. So our acceptable use policy is unambiguous: web access is suspended immediately, the customer is notified by ticket, and the site stays offline until the malware is removed.
We opened the ticket with the customer that morning. Nine days later the customer still hadn't replied. He hadn't logged in. The site stayed offline because we couldn't confirm he'd seen the report. The path most hosts take in that situation is to keep the package suspended indefinitely until the customer engages, or quote a malware-removal fee.
Pippa, on our support team, took a different call. She manually cleaned the malware off the site herself, brought it back online, and asked the customer to rotate his WordPress user passwords and his database password as the two post-clean-up actions. No fee. No "incident response" invoice. She also coordinated the relevant notification to the data centre so the platform-side record of the incident matched what we'd done.
The customer responded eventually. The site stayed clean. The pattern is the point: our security model isn't built around catching the customer paying for the rescue. It's built around protecting the shared-IP reputation that matters every day for every other customer on the platform. The fastest way to protect that reputation is to clean the site for the silent customer rather than leave it festering.
Most hosting plans claim to monitor for compromise. The proof is what you do on day nine, when the customer is silent and the package is still suspended.
Mark very quickly found all of the faults with my Wordpress site that my previous company missed altogether, most importantly the crucial AI discovery, outdated high site security risk plugins, out of date website core. He fixed all of the issues and errors within 72 hours.
By Mark McNeece, Founder of 365i. Last reviewed 25 May 2026.
Editorial integrity: read our editorial standards.
Security concerns shouldn’t keep you up at night. Whether you need help with SSL configuration, firewall rules, malware remediation, or hardening your WordPress site, our UK-based specialists have seen it all. Available 7 days a week including evenings, weekends, and bank holidays, real experts who understand the threats your site faces.
A dedicated team of UK-based hosting specialists who understand server administration, WordPress, DNS, email, and everything in between.
Available every day of the week including evenings, weekends, and bank holidays. Data centre monitoring is 24/7, so your server is always watched.
Rated 5.0 stars on Google with more than 20 years of hosting experience. Trusted by thousands of UK businesses.
Fantastic service. After the best part of 3 years agonising over what to do with an old website with Yell, and wanting a new site to reflect the new business name, in less than a week of speaking to Mark at 365i, everything is now pointing to a striking brand new website, with my domain name of my choice and at a very affordable price. Great work.
Mark has been extremely helpful with some website and system issues we recently faced, offering easy solutions to all of the problems without any fuss at all. We cannot thank you enough for all of your help!
Very helpful and cover every area. Mark especially is very effective in finding solutions for any queries you may have and goes the extra mile to assist. Overall, excellent service!
Migrated from A2 Hosting to 365i and the level of customer service and support is absolutely exceptional. What Mark doesn't know about hosting and websites isn't worth knowing. He goes past just hosting and is always willing to help. Great to feel in safe hands. Highly recommend.
Just the best I’ve ever used! Our sites run so fast, and they bend over backwards to help when we get in trouble and don’t know what to do. We’d be lost without them now. So glad we found them. Best move we ever, EVER, made!!! You need 365i in your life.
Having moved from a much slower hosting platform, this new setup is not only much faster, but has a far more user-friendly interface and some incredible friendly support, nothing is too much trouble, the whole process of transfer has been completed so seamlessly that there was barely any downtime and no loss of data. Really happy to have come across this company and looking forward to making use of the services offered within my new hosting package. Highly recommend :) I wrote the above a couple of years ago (I think!) and since then have done a good bit more with more websites, the support when needed is always insanely fast, and often goes way above and beyond the call of duty, really cannot fault the service received from 365i, I stand by my original statement that I'd highly recommend. 5 stars is really not enough so here's a few more ***** ***** *****
I don't know what to say???! Absolutely BLOODY Marvellous!! Mark on ticket chat, live chat, customer service top notch so easy to get in contact and so super helpful! THanks guys!
Mark has helped us numerous times with our website. His skills are second to none and he gets back to us very quickly with every project. We would definitely recommend him for all your web hosting and design needs.
Yes. Every hosting plan includes a free wildcard SSL certificate at no extra cost. Wildcard SSL covers your primary domain and all subdomains (e.g. shop.yourdomain.com, blog.yourdomain.com) using a single certificate. SSL certificates are provisioned and renewed automatically, you don’t need to configure anything. To use our free SSL, your domain must use our name servers.
A Web Application Firewall (WAF) inspects every HTTP request to your website in real time, blocking malicious traffic before it reaches your server. Our enterprise WAF protects against SQL injection, cross-site scripting (XSS), trojans, path traversal, and many other OWASP Top 10 vulnerabilities. The WAF rules are updated regularly by our security team to defend against new and emerging threats. It is included free with all hosting plans.
Our DDoS mitigation operates at the network level with 1 Terabit per second (Tbps) capacity. When a Distributed Denial of Service attack targets your website, our systems automatically detect the malicious traffic and filter it out before it reaches your server. Legitimate visitors experience no disruption, your site stays online and responsive throughout the attack. This protection is included free with every hosting plan and requires no configuration.
All websites on our shared hosting platforms (WordPress, Windows, and Linux) are automatically scanned for malware every day. You receive a detailed report in your My365i control panel showing the results of each scan. WordPress users also have access to our WordPress Checksum Report, which verifies that your WordPress core files match the official WordPress repository, helping detect any unauthorised modifications.
Two-factor authentication adds an extra security layer to your account by requiring both your password and a time-sensitive code from your phone when logging in. We support 2FA for your My365i control panel and SSH access. To set it up, go to your account security settings in My365i and link your Google Authenticator or Microsoft Authenticator app. Each login will then require the current one-time code from your app.
Yes. Our data centres hold ISO 27001:2013 certification, the international standard for information security management systems. This means they undergo regular independent audits covering physical security, access control, environmental controls, and operational procedures. Security features include 24/7 on-site security personnel, photo ID and swipe card access control, comprehensive CCTV monitoring, and redundant power supplies with UPS battery backup and diesel generators.
Our hosting infrastructure is designed to support your PCI DSS obligations. The platform meets the technical baseline expected by PCI DSS (TLS 1.2+ enforced, modern cipher suites, hardened server configuration, isolated environments, server-level firewall, regular vulnerability scanning, and audit logging). Final PCI DSS compliance for a business that accepts, stores, or processes cardholder data always depends on your application, payment flow, configuration, and operational processes, not on hosting alone. Most UK stores meet their obligations by routing payments through hosted gateways like Stripe, PayPal, or Square, which keeps card data off your server entirely. Contact us if you need to discuss a specific compliance scope.
Our platform automatically monitors login attempts across all hosted websites. When it detects patterns consistent with automated brute force attacks, such as rapid successive login attempts, it challenges the visitor with Google reCAPTCHA verification. If the attempts continue or fail verification, the IP address is temporarily blocked. This protects WordPress logins, control panel access, and all other common login pages. The system blocks millions of malicious login attempts every day.
All email accounts include three-tier anti-spam and anti-virus protection at no extra cost. The first tier uses commercial blacklists from Spamhaus, Invaluement, and Barracuda Networks to reject mail from known spam networks. The second tier scans all attachments against known malware signatures. The third tier analyses message content and scores it for spam probability. Together, these layers filter the vast majority of unwanted and malicious emails before they reach your inbox.
Yes. Your My365i control panel includes IP and country blocking tools. You can block individual IP addresses, entire subnets, or even whole countries from accessing your websites. This is useful for stopping persistent attackers, blocking regions where you don’t do business, or complying with regional access requirements. Additional security tools include a password manager for directory-level protection, FTP auto-lock to keep file access secure, and a file permissions checker that automatically fixes unsafe permission settings.
Every hosting plan includes enterprise-grade security. Free SSL, WAF, DDoS protection, malware scanning, and more, all included at no extra cost.
