All Collections
Website Security
What Security Measures Does Hostinger Use?
What Security Measures Does Hostinger Use?

Server protection and certifications at Hostinger

Updated over a week ago

At Hostinger, we follow the latest security industry standards and best security practices to protect our servers, ensure information security and comply with all applicable laws and regulations, such as GDPR.

General Security Measures

While more technical details are reserved for preserving the integrity of the security systems in place, here are some of the most relevant safeguards applied:

Server and Infrastructure Protection

  • 24/7 server monitoring

  • Server and infrastructure security configuration consistently applied across all servers

  • Firewall protection

  • Advanced security modules that assure the best possible protection, such as mod_security, Suhosin PHP hardening, PHP open_basedir protection, and others

  • Anti-malware protection on endpoints and servers

Procedures and Practices

  • A dedicated internal Security team

  • Implemented internal policies and procedures to support information security

  • Continuous scan for vulnerabilities and penetration testing

  • Applied OWASP secure coding practices and other industry standards

  • 2FA authentication enabled on all applicable systems

Data Integrity

  • All operating systems are kept up to date, including security patches

  • Database encryption with secure hashing algorithms

  • Regular data backups

  • Continuous static code analysis to detect potential code security issues


  • While Hostinger is not ISO 27001 or SOC certified, we have extensive security practices put in place to ensure information security

  • As for Health Insurance Portability and Accountability Act, our hosting services are not intended to provide a HIPAA-compliant environment according to our Hosting Agreement.

Security Recommendations

To keep your account and websites fully safe, we also recommend you follow some basic security measures, such as:

  • Never provide your login and password to anyone. To safely provide access to a collaborator, use our Access Manager feature

  • Scan regularly all your devices with an up-to-date antivirus

  • Keep your CMS and application extensions updated to the latest version

  • Download extensions/plugins/modules/themes only from trusted sources

  • Enable social login and two-factor authentication for your hosting account, as well as two-step authentication for your CMS admin dashboard

To prevent data loss, you can also regularly download backups of your website files and database to your local device, as well as back up your emails.

Additional Resources

Did this answer your question?