
Secure Every Client Website with Multi-Layer Protection
Vulnerability Protection NEW
Managing outdated or vulnerable WordPress core, plugins, and themes is a major security challenge. WP Squared solves this with Vulnerability Protection.
Powered by Patchstack, the world’s leading vulnerability discloser with over 10,000 virtual patches, this feature provides fast, continuous protection against known WordPress vulnerabilities, ensuring your sites stay secure, even if components haven’t been updated right away.
Vulnerability Protection mitigates risks without changing your site’s code or affecting performance, silently securing your sites in the background.
Included at no extra cost for all WP Squared websites, this crucial layer of protection ensures peace of mind for both you and your customers.


Advanced Server Firewall
Protect your servers with a powerful, multi-layered defense system. WP Squared’s Advanced Server Firewall, powered by Imunify360, proactively blocks threats and protects against malicious activity before it reaches your customers’ websites.
- Leveraging sophisticated Intrusion Detection and Prevention systems, the firewall monitors traffic and server logs in real-time, blocking known attacks and suspicious IPs to prevent exploits and unauthorized access.
- The "Herd Immunity” feature analyzes global security incidents across all Imunify360 installations to build a collective defense. When a new threat is detected, protection rules are rapidly deployed, blocking malicious activity across all servers and providing a real-time, proactive protection shield for your entire infrastructure.
- The integrated WebShield component intelligently handles complex traffic, such as from CDNs or proxies, identifies real IPs, and challenges suspicious sources with CAPTCHA to prevent malicious requests from impacting system performance or security. This comprehensive, automated protection keeps your servers and customers' websites secure with minimal administrative overhead.
Web Application Firewall (WAF)
Go beyond server-level protection and safeguard your customers’ websites at the application level. Our Web Application Firewall (WAF), powered by Imunify360 and tightly integrated with ModSecurity, is designed to stop common web attacks before they can even start.
- The WAF actively monitors incoming traffic to identify and block malicious requests, providing crucial defense against threats like SQL injection and XSS attacks.
- By employing advanced Captcha systems and Splash Screens with rules designed for low false positives, it effectively halts malicious activity while ensuring legitimate visitors can access websites without disruption.
This vital layer of security helps safeguard sensitive data and block unauthorized access, adding a powerful shield that protects your customers’ web applications and maintains the integrity of their online presence.


Proactive Defense
Stay ahead of hidden threats with Proactive Defense, a powerful security technology powered by Imunify360. Unlike traditional signature-based scanning, Proactive Defense analyzes the behavior of PHP scripts as they execute, detecting and blocking malicious activity as it happens.
Malicious code is often hidden – obfuscated, injected into legitimate files, or fetched dynamically. Proactive Defense detects these threats the moment they attempt to execute, stopping them instantly before they can harm your server or customers’ websites. It can block the entire script or isolate and stop only the malicious flow, ensuring precise and effective protection.
Malware Protection
Keep WordPress websites clean and secure with advanced Malware Protection, powered by Imunify360. Our AI-driven Malware Scanner actively detects malicious content in real-time, providing a crucial layer of defense against infections.
- The real-time file scanner analyzes files as they’re created, uploaded, or modified. When malware is detected, it removes only the malicious code, preserving legitimate content and restoring functionality without disrupting the website.
- A dedicated WordPress database scanner thoroughly inspects records for malicious injections, like JavaScript, iframes, and other harmful content hidden within legitimate data, and removes them effectively.


CageFS Account Isolation
On multi-user servers, a compromised account can give attackers access to other users’ data or even the server itself. CageFS Account Isolation, powered by CloudLinux, eliminates this risk by isolating each user in their own secure environment.
- Acting as a virtualized file system, CageFS ensures users cannot access each other’s data, blocking malicious actors from exploiting one account to target others, or the server itself.
- This powerful isolation safeguards against a range of attacks, including privilege escalation and information disclosure, all without requiring changes to customer scripts or websites.
CageFS provides a crucial layer of security, preventing the spread of attacks from a compromised account and ensuring a safer environment for all users on the server.
- COMING SOON
- Taking security to the next level, we're soon introducing Website-Level CageFS in collaboration with CloudLinux. This upgrade builds on the existing account isolation, offering individual protection for each WordPress site within your account, adding an extra layer of protection - if one site is compromised, the others remain fully secure.
HardenedPHP
Many websites rely on outdated PHP versions for compatibility with themes and plugins, exposing them to security risks due to unpatched vulnerabilities. HardenedPHP, powered by CloudLinux, extends support for these older versions, continuously patching them against known vulnerabilities, including critical flaws in unsupported versions like PHP 5 and 7.
HardenedPHP allows your customers to continue using the PHP versions their websites rely on, securely patched against known vulnerabilities. This eliminates the need for costly rewrites or disruptive updates, keeping both their sites and your servers safe.


KernelCare Rebootless Kernel
Keeping your server’s kernel updated is crucial, but traditional updates often require disruptive reboots. With KernelCare Rebootless Kernel, powered by CloudLinux, you can apply security patches automatically every four hours without rebooting, ensuring your server stays up-to-date and secure.
This eliminates the need for maintenance windows and manual reboots, maximizing uptime and reducing the risk of critical vulnerabilities. A quick, easy installation provides years of secure, rebootless kernel updates, offering peace of mind and minimizing maintenance overhead.
Two- Factor Authentication
Add a crucial extra layer of protection to your accounts with Two- Factor Authentication (2FA). Going beyond just a password, 2FA significantly enhances security by requiring a second verification step to access accounts. 2FA is available for:
- WHM, providing server administrators with enhanced login security
- WP Squared frontend, enabling website owners to secure their individual accounts.
We support the widely used TOTP (Time-based One-Time Password) protocol, compatible with authenticator apps like Google Authenticator, Microsoft Authenticator, Authy, and many others, making it simple and convenient to deploy robust login security.
