Published: by Lucas Rolff
How We Protect Your Website
Hosting thousands of websites also means we're usually hosting some sites that are not as secure as they should be, whether that comes from insecure or out-of-date plugins, themes or even CMSes themselves, or from various misconfigurations. This means we have to do our best as a provider to maintain a secure environment and protect websites against the threats that come with having an online presence.
This post will go over some of the various technologies and features we use to protect websites and keep things as safe as possible.
CloudLinux
Our infrastructure is built on CloudLinux OS. CloudLinux OS, developed by CloudLinux, is an operating system that is built for shared hosting environments, providing various tools and features to help stabilize and protect servers.
CageFS
CageFS by CloudLinux provides a virtualized filesystem for each individual user to limit system exposure by masking sensitive information (such as /etc/passwd) or system commands. It gives us, as a hosting provider, control over how we expose various parts of the operating system to users, what commands they can run, and whether these commands should be proxied through proxyexec. It also provides the foundation of various security measures within CloudLinux OS itself.
proxyexec allows restricting various options for commands that users shouldn't be allowed to execute. It also has functionality to make specific commands aware of whether they're executed outside or within a given CageFS environment.
LVE Limits
While not a direct security feature, LVE Limits are limits on CPU, RAM, disk I/O and processes. They ensure a given customer cannot utilize too many resources by restricting them to a set of configured options. This is largely based around cgroup limits, a kernel feature that limits and accounts for these various system resources.
Hardened PHP
Because we host many different applications, some of which are up to date and others that lack updates or support for the latest PHP versions, we use Hardened PHP by CloudLinux.
Hardened PHP provides additional protections for PHP versions that php.net considers end-of-life, supplying security patches for these versions. This means even if a website can't use the latest PHP version (or hasn't been updated yet), you can still rely on these PHP versions receiving patches for known vulnerabilities.
While we recommend keeping PHP up to date, offering Hardened PHP versions ensures we protect sites as much as possible from vulnerabilities in PHP itself.
Imunify360
Our security suite also includes Imunify360. Imunify360 is yet another product developed by CloudLinux, providing features like WAF (Web Application Firewall) rules through a mod_security ruleset, Malware Scanning, WebShield, brute-force protection and more.
WAF powered by mod_security
One of the great features of Imunify360 is the WAF, which protects websites from various OWASP vulnerabilities and includes specialized rules for protecting against various known vulnerabilities in plugins, themes and CMSes.
The WAF detects suspicious visitor activity, such as attempts to exploit software or install malicious plugins, as well as requests from IP addresses identified as bad actors by Imunify360's Real-time Block List (RBL) systems.
It provides a layer of security in front of websites to take care of common or known vulnerabilities, even if a website is running an older version of a plugin or a theme.
However, it's worth noting that a WAF by itself can never protect a website 100%. You can still have insecure code that a WAF cannot prevent from leaking data, because running a WAF is about finding the right balance between protecting websites and causing as few false positives as possible.
WebShield
When IPs are known bad actors or look suspicious, WebShield will usually be triggered for them, giving users a chance to prove themselves legitimate, because false positives can obviously happen. Most automated exploit testing will usually not realize this, and quite often cannot solve the proof-of-work or other challenges that are given as part of WebShield.
WebShield also acts as a gateway for known external systems such as Facebook, Google, Cloudflare, NodePing or similar systems, to avoid blocking them while still applying some additional protections, even for known CDNs.
Monarx
At its core, Monarx provides robust malware scanning, threat detection and prevention based on signature-less, behavior-based detection.
Malware scanning
As malware gets more and more sophisticated, it takes more than just signature-based malware scanners to do the job. By detecting application behavior (largely thanks to their PHP Protect module), Monarx can take action based on real-time threats happening within an application. Not only does this result in a higher rate of malware detection, it also allows for adjusting for reinfections moving forward.
While Imunify360 also comes with Malware Scanning as a feature, we still see a significantly better detection rate for malware with the signature-less methods employed by Monarx.
Because of the threat protection and detection mechanisms built into Monarx, feedback from their customers also allows Monarx to make the system significantly more effective. It functions as a large crowd-sourced information powerhouse when it comes to threat intelligence and stopping new injections from happening.
We do, however, still run a weekly scan with Imunify360's malware scanner, just in case Monarx didn't catch something specific (we've yet to see this happen, but that's beside the point).
PHP Protect
PHP Protect is a PHP extension by Monarx that works together with the Monarx agent to generate a backtrace of how possible injection attempts or malware drops happened. So even if a given website were to get infected with malware (if e.g. Imunify360's WAF didn't block it), we get a backtrace of how a given piece of malware ended up on an account, whether this was through specific files or a compromised admin account in WordPress, Joomla or similar.
Imunify360 has a similar module called PHP Blamer, but based on our experience using both, we see PHP Protect by Monarx detecting these much better, which is why we're using it as the primary detection mechanism.
On-Disk security patching
While vulnerabilities in software, whether that's a plugin, theme or CMS, are patched, it doesn't always mean that users update in time before a given vulnerability is actively exploited.
Monarx provides on-disk patching for many such vulnerabilities by effectively implementing the security patches supplied by these software vendors. Assuming a vulnerability can be patched with ease, the files will get the security patches even if the plugins are not actually updated.
LiteSpeed
LiteSpeed includes built-in brute-force protection for WordPress, specifically targeting repeated login attempts. It slows down requests from IP addresses that make frequent login attempts to the wp-admin area. Additionally, we can manually enable CAPTCHA pages on individual sites to defend against large-scale attacks. While visitors may occasionally encounter a CAPTCHA challenge, it ensures the website remains accessible and functional.
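To make the idea of per-IP login throttling concrete, the following added example (not LiteSpeed's implementation and not code from this post) counts POST requests to the WordPress login endpoint per client IP in a sliding window and reports the IPs that cross a threshold. The threshold, window length, combined log format and sample lines are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format prefix: client IP, timestamp, method, request target.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)')
LOGIN_PATH = "/wp-login.php"  # WordPress login endpoint


def parse(line):
    """Return (ip, time, method, path) or None for lines that do not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, target = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, target.split("?", 1)[0]


def throttle_candidates(lines, max_attempts=5, window=timedelta(seconds=60)):
    """Map each IP with more than max_attempts login POSTs per window to the time it crossed."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != "POST" or rec[3] != LOGIN_PATH:
            continue              # page views and other requests are not attempts
        ip, when = rec[0], rec[1]
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # forget attempts older than the window
        if len(q) > max_attempts:
            flagged.setdefault(ip, when)
    return flagged


def sample_lines():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    fmt = '{ip} - - [12/Mar/2024:10:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" 200 512 "-" "-"'
    burst = [fmt.format(ip="203.0.113.7", m=0, s=5 * i, req="POST /wp-login.php") for i in range(8)]
    slow = [fmt.format(ip="198.51.100.20", m=10 * i, s=0, req="POST /wp-login.php") for i in range(3)]
    view = [fmt.format(ip="192.0.2.44", m=1, s=0, req="GET /wp-login.php")]
    return burst + slow + view


if __name__ == "__main__":
    for ip, when in throttle_candidates(sample_lines()).items():
        print(f"{ip} exceeded the login threshold at {when:%H:%M:%S}")
```

The slow client, which posts once every ten minutes, and the plain page view are never flagged, which is the false-positive trade-off a threshold like this has to balance.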
Conclusion
As you can read, keeping websites protected against the threats on the internet usually means taking many different measures. While the above is not a complete list of everything we do to protect sites, it does provide some insight into the various tools and software we employ for both proactive and reactive security against threats.
About the Author
Lucas Rolff
Hosting Guru & Founder
Lucas is the founder and technical lead at PerfGrid, with over 15 years of experience in web hosting, performance optimization, and server infrastructure. He specializes in building high-performance hosting solutions and dealing with high-traffic websites.
Areas of expertise include: Web Hosting, Performance Optimization, Server Infrastructure, Security, Malware cleanup