FREE ON-DEMAND SCANNING
Automatic malware scanning
We give you a detailed report on the results of this scan in our My20i control panel. This is similar to services provided by some other web hosts – which they charge a premium for!
Should malware be discovered, we can send you an email alert.
WordPress users also have another way to check for malware, through our WordPress Checksum Report in our WordPress Tools suite. This checks that your WordPress core matches the official WordPress repository.

Disables PHP Mail
If malware is detected, PHP mail is disabled to prevent your site from further infecting others through email.
On-demand scanning
What makes our malware scanning special is that you can also run our scanner on-demand. This is convenient because you don’t have to wait until the next scheduled scan.
Immediate results
If you’ve discovered malware on your site, you’ll need to update the software or plugins, and delete any compromised files. Once you’ve made the changes, you can re-scan right away. You’ll get confirmation on whether your fixes have worked immediately.
HTTPS EVERYWHERE
Free wildcard SSL encryption
Our free SSLs are ‘wildcard’ certificates. So you can secure subdomains as well as your primary domain using one certificate. To get a free ‘https’ certificate your site needs to use the validated 20i nameservers. They provide the same level of security as any other SSL certificate.
Find out more:

SAFE FOR BUSINESS
PCI compliant UK hosting
If your business takes card payments, your hosting needs to be PCI compliant.
To accept, store and process debit/credit card information, the hosting provider must be compliant with Payment Card Industry Data Security Standards (PCI-DSS). These standards were introduced to reduce credit card fraud.
The PCI Security Standards Council are responsible for ordering regular tests on hosting providers. They test for vulnerabilities where hackers could potentially steal cardholder information. 20i consistently pass these independent audits.

- 24-7 security on site
- Photo ID and swipe card entry
- CCTV inside and out
- Gated access and secure perimeter fencing
- Redundant and uninterruptible power supplies
20i employees need to identify themselves before accessing any internal system. We use centralised identification and security policies that follow a least privilege and need-to-know access policy.

HTTPS EVERYWHERE
Email scans
We use 3 layers of inbound spam and virus scanning:
Network-level
Commercial anti-spam blacklists from Spamhaus, Invaluement and Barracuda Networks are used to reject mail from known spam networks.
Virus Scanning
Any known malware signatures are rejected.
Content-based
If malware is detected, PHP mail is disabled to prevent your site from further infecting others through email.
Fully configurable email filters
Whenever we reject a message for a known virus or network blacklisting, the message is returned to the sender so the sender knows what’s happening. We never ‘black hole’ email.
Fully configurable email filters
If you’re using the email accounts included with our shared hosting, you don’t want miscreants to harm your reputation (and ours) by sending out masses of ‘spam’ email.
So we monitor outgoing emails to ensure this doesn’t happen and operate a zero-tolerance spam policy.
MORE THAN JUST A PASSWORD
Two-factor authentication
Unfortunately many security measures are rendered ineffective if your password is compromised. So we offer the option to use two-factor authentication (2FA) for My20i, StackCP and SSH access.
2FA is a way to add an extra layer of security. Our 2FA uses TOTP apps, which provide you with a time-sensitive single-use code to enter as well your password. 2FA app providers include Google and Microsoft. The apps are run from your phone.
We also enforce another form of ‘2FA’: random security checks when payments are made. This will require you to call us and confirm additional security information provided by yourself when first signing-up.

YOU SHALL NOT PASS
Web application firewall
One way to halt security breaches is to prevent criminals getting access to your code on the server. Our Web Application Firewall (WAF) helps protect your data and software by blocking suspicious activity.
A common way to attack a website is to use web forms to insert malicious code. Forms aren’t covered by traditional firewalls, as they need to allow information to pass from the user to the server where the website is hosted.
The 20i WAF inspects every HTTP request for SQL injection, trojans, cross-site scripting, path traversal and many other types of attack. It performs each inspection in less than a millisecond.
The 20i security team regularly update our set of rules that filter-out malicious requests. This ruleset is made from commercially-available resources and custom rules written by the 20i security team.
All this goes on behind the scenes at 20i.


STACKPROTECT
Brute force login protection
Our platform includes StackProtect, which monitors log-in attempts to your website. It checks for potential ‘evil’ automated requests. If they’re detected, it uses Google’s latest reCAPTCHA tools and if necessary, blocks those attempts.
This also stops our platform being slowed-down. It blocks up to six million requests – every day. Logins to our WordPress hosting platform are our most popular target, but StackProtect covers all common website logins.
Brute force login protection

Block visitors to your site IP address or country
Our hosting allows you block malicious IP addresses, entire subnets or even whole countries, if you like. That’s up to you.

Website password manager
You can add passwords to areas of websites or whole sites quickly and easily, without having to code.

FTP security lock
We prevent file transfer through our FTP security lock, so sites can’t be altered. You can unlock this for a set period of time so you can make changes, then it will revert automatically to its locked state.

File Permissions Checker
Scan your website files for permission-based errors to prevent unauthorised access. Our File Permissions Checker will recommend and fix errors automatically.

Backups
If the worst happens, you should still have website backups to fall back on. You can create site backups quickly and easily in our control panel, or set Timeline Backups to happen automatically.

Password Generator
Generate secure random passwords from within our control panel. No need to resort to external password creation applications.
You shouldn’t have to pay for website security.
Reseller Hosting, WordPress Hosting or Web Hosting plans.