Security & SSL

Security shouldn't be an expensive add-on or a part-time job. On HostFilya the heavy lifting — SSL, firewall, DDoS protection, malware scans and daily backups — runs automatically on every plan. This guide explains what's working behind the scenes and the handful of things you can do to stay safe.

Free, auto-renewing SSL

Every HostFilya site gets a free SSL certificate so your visitors connect over secure https:// with the reassuring padlock in the address bar. We issue it automatically when your site goes live and renew it for you before it expires, so the padlock simply stays on without you ever touching it.

Forcing HTTPS

To make sure everyone always lands on the secure version, turn on Force HTTPS in your dashboard. This automatically redirects any http:// request to https://, so old links and bookmarks still reach the secure site. New to SSL? Our guide on SSL certificates explained covers the basics.

Tip: switch Force HTTPS on the moment your site is live. It costs nothing, takes one click, and means no visitor ever sees a "Not Secure" warning.

Firewall (WAF) & DDoS protection

Two shields run in front of your site at all times:

• The Web Application Firewall (WAF) inspects incoming traffic and blocks common attacks — things like SQL injection and malicious bots — before they ever reach your site.
• DDoS protection absorbs floods of fake traffic designed to overwhelm your server, so genuine visitors keep getting through even during an attack.

Both are always-on and need no configuration from you.

Malware scanning & cleanup

We proactively scan your files for malware and known vulnerabilities. If something suspicious turns up, we flag it in your dashboard and alert you, and our team can help clean an infected site and close the hole that let it in. Catching problems early keeps a small issue from becoming a big one.

Daily backups

We take an automated backup of your files and database every day and keep copies safely off-site. If anything ever goes wrong — a bad update, a mistaken edit or a security incident — you can roll back to a clean earlier copy with a single click. Backups are the ultimate safety net, and they're included free.

Strong passwords & two-factor authentication

Most break-ins come down to weak or reused passwords, so this is where your own habits matter most.

1. Use a long, unique password for your HostFilya account and your site's admin — a passphrase or password manager makes this painless.
2. Turn on two-factor authentication (2FA) so a stolen password alone isn't enough to log in.
3. Never reuse the same password across different sites and services.
4. Review who has access and remove anyone who no longer needs it.

Keeping software updated

Outdated themes, plugins and apps are the most common way sites get hacked. Keep everything current — on managed WordPress we apply security updates for you automatically (see WordPress). For anything you manage yourself, make a habit of installing updates promptly and removing software you no longer use.

Fixing mixed-content warnings

After switching to HTTPS you might see a "mixed content" warning. It means the page itself loads securely, but it's still pulling in an image, script or stylesheet over plain http://, which can break the padlock. To fix it:

• Update any hard-coded http:// links in your content and theme to https://.
• On WordPress, a search-and-replace tool or a simple plugin can rewrite old links in one go.
• Re-check the page — the padlock should return once every asset loads securely.

Security best-practices checklist

Run through this every so often and you'll be ahead of most sites on the web:

• SSL is active and Force HTTPS is turned on.
• Two-factor authentication is enabled on your account.
• All passwords are strong, unique and not reused.
• WordPress, themes, plugins and apps are up to date.
• A recent daily backup exists and you know how to restore it.
• Unused users, plugins and themes have been removed.
• No mixed-content warnings on your key pages.

Need a hand with any of it? Our team is online 24/7 and happy to help secure your site.