Skip to content

Built-in WordPress security, no plugins needed

With Kiravo, you get native WordPress protection that runs on the server-level without slowing your website down.

  • Website isolation

    Each site runs in its own container, so an infection on one can't spread to another.

  • WordPress hardening

    We block PHP execution in uploads and wp-includes, with scoped exceptions for builders.

  • Security headers

    Every site gets anti-XSS, clickjacking, and transport headers by default.

  • Free SSL certificates

    Let's Encrypt certs renew before they expire, with daily expiry checks. Bring your own from the panel.

  • Two-factor authentication

    Add 2FA to your Kiravo account in a couple of clicks against unauthorised access.

  • Brute-force protection

    Rate-limited shielding across the WordPress login, SSH, FTP, and email, with automatic bans.

  • Layer 7 WAF

    An application firewall that mitigates XSS and SQL injection before a request reaches your site.

  • Proxy-aware WAF

    Sees the real client IP and blocks bad traffic even behind Cloudflare, Akamai, or other proxies.

  • Bot protection

    Silent captcha challenges block bad bots on login and custom URLs, so resources stay with real visitors.

  • DDoS protection

    Connection-flood limits at the firewall, plus an Under Attack mode that tightens defences during an active attack.

  • IP, ASN & country blocking

    A live database of abusive IPs with country and ASN blocking, full IPv6, and reputation checks.

  • Email security

    Server-wide spam filtering, plus outbound lockdown that isolates a compromised account before your domain is blacklisted.

  • Real-time malware protection

    Real-time and scheduled scanning that pairs signature matching with a machine-learning classifier and heuristic analysis.

  • Rootkit scanner

    Detects rootkits, abusive users, and high-load processes, then blocks them on sight.

  • Database scanning

    Daily scans find malicious code and injections in your WordPress database; integrated tools clean it up.

  • Vulnerability manager

    Plugins and themes are tracked against a live CVE database, with weekly scans and one-click patching.

  • Malicious plugin detection

    We flag plugins that hide from the admin or smuggle in a backdoor, then step in immediately.

  • Malicious cron detection

    Hidden cron jobs an attacker leaves behind are detected and removed automatically.

  • File integrity monitoring

    We check core files against official checksums and catch unauthorised changes early.

  • Integrity auto-repair

    Compromised core files are quarantined and replaced with a clean copy from WordPress.org.

  • Backdoor & config monitoring

    Shell init files, SSH config, .htaccess, and wp-config are watched for injected backdoors.

  • Resource monitoring

    Round-the-clock process monitoring kills slow queries and caps runaway load.

  • Uptime monitoring

    We monitor your sites themselves, with Slack alerts the moment one goes down.

  • IP reputation check

    We track our server IP reputation to catch blacklisting before it hits deliverability.

Stability is what security looks like from outside

Real reviews left on third-party platforms over the years.

★★★★★

5 stars, always and probably forever. The best support I ever had, 24/7 and perfect uptime. I have nothing to complain about and I've been working with them for 4–5 years.

Ioan Mihai

★★★★★

Very good services and excellent technical support. Every time I've had a problem I got fast replies and clear solutions. Stable hosting, no outages. I recommend with confidence.

Interlink transport

★★★★★

Good WordPress hosting at a price point no one can beat. Servers have no issues, and barely any downtime. Support is quick and 24/7.

Jude Phillips

★★★★★

My experience with Kiravo has been very good. The site is stable and fast, and when I needed support I got fast replies and clear solutions. You can feel the professionalism and the care for the client. I recommend them warmly.

Anca Surdu

Security is just one of our features

A secure site still loses visitors when it's slow, becomes a chore without a good panel, and stays broken when something does go wrong without good support. Here's the rest of the platform.

Security questions

Don't see yours? We're happy to talk through how the platform protects your sites.

Do I need a security plugin?
You don't need a monolith security plugin like Wordfence or Defender. However, we recommend using utility plugins like Sessions (a sessions manager), Two Factor (2FA plugin) or Stream (records WordPress user and system actions). These help you protect the authentication and session management of your site.
What happens if my site gets hacked?
We restore from the most recent clean backup, run a full malware scan and clean the infection, then help you harden your site. No extra charge. It's part of being on a managed platform.
Do you scan plugins for known vulnerabilities?
Yes. Our vulnerability manager tracks every plugin and theme against a live CVE database, with automatic weekly scans. When something on your site has a published CVE, you see it in the panel and we notify you, and we can patch it in one click before it becomes a problem.
Is two-factor authentication enforced?
It's optional and set per user, not enforced, though we strongly recommend turning it on. Each user enables it themselves from their account settings in the panel, using a TOTP authenticator app such as Google Authenticator, Authy, or 1Password.
Do you support custom SSL certificates?
Free Let's Encrypt certificates renew automatically on every site. If you need to bring your own (an EV cert, a wildcard from a specific CA), you can install it from the panel without contacting support.
How do you handle DDoS attacks?
The WAF and rate limiter absorb small and medium attacks at our edge, and an Under Attack mode tightens defences during an active one. For volumetric attacks, we put the site behind Cloudflare. That setup is manual rather than a one-click toggle, so our team does the work with you at no cost.

Ready to put your site on a calmer foundation?