24/7 server monitoring

Server and infrastructure security configuration consistently applied across all servers

Firewall protection

Advanced security modules that assure the best possible protection, such as mod_security, Suhosin PHP hardening, PHP open_basedir protection, and others

Anti-malware protection on endpoints and servers

A dedicated internal Security team

Implemented internal policies and procedures to support information security

Continuous scan for vulnerabilities and penetration testing

Responsible Disclosure Policy and Bug Reward Program

Applied OWASP secure coding practices and other industry standards

2FA authentication enabled on all applicable systems

All operating systems are kept up to date, including security patches

Database encryption with secure hashing algorithms

Regular data backups

Continuous static code analysis to detect potential code security issues

While Hostinger is not ISO 27001 or SOC certified, we have extensive security practices put in place to ensure information security

As for Health Insurance Portability and Accountability Act, our hosting services are not intended to provide a HIPAA-compliant environment according to our Hosting Agreement.

Never provide your login and password to anyone. To safely provide access to a collaborator, use our Access Manager feature

Scan regularly all your devices with an up-to-date antivirus

Keep your CMS and application extensions updated to the latest version

Download extensions/plugins/modules/themes only from trusted sources

Always use secure and strong passwords

Enable social login and two-factor authentication for your hosting account, as well as two-step authentication for your CMS admin dashboard

Hostinger Data Processing Addendum (DPA)

What to Do if Your Account or Site Has Been Hacked?