Table of Contents
Short answer: We don't resell SiteLock, Sucuri, or any third-party security product. Server-level protection (ModSecurity, Imunify360, ConfigServer Firewall, daily offsite backups on Growth+) is included in every plan. We'd rather earn less on the base plan than make money when you panic. Here's the stack, the reasoning, and the tradeoffs — so you can compare apples to apples.
Key Takeaways
- Server-level security (ModSecurity WAF, Imunify360, CSF firewall) included in all plans at no extra charge.
- We do not have commercial partnerships with SiteLock, Sucuri, or any cleanup vendor — no referral revenue means no incentive to flag your site.
- If a real malware issue is detected, we tell you the file, the signature, and the remediation — we don't call you to sell a cleanup product.
- Daily offsite backups included on Growth and Scale plans — so suspension or compromise doesn't mean data loss.
- We publish our security stack because we want you to verify, not because we want you to trust.
The philosophy: aligned incentives
Here's the simplest way to evaluate any host: ask what happens when a customer's site gets flagged for malware. If the host makes more money from that event (via upsold cleanup, via a referral fee to a "partner" security company), the host is incentivized to flag generously. If the host makes less money (support time consumed, customer frustration), the host is incentivized to flag only when there's a real problem.
Newfold Digital (Bluehost, HostGator) has had documented revenue-sharing with SiteLock. GoDaddy owns Sucuri. Most large shared hosts have at least one "security partner" feeding referral revenue back. Even when the product itself is legitimate, the system produces false positives because false positives are profitable.
We wanted to cut that incentive out. The result is: security costs us, it doesn't earn us. That changes what we do.
The actual security stack (all plans)
| Layer | What it does | Plan availability |
|---|---|---|
| CloudLinux CageFS | Per-customer filesystem isolation. Your site can't read or affect a neighbour's site even on shared hosting. | All plans |
| ModSecurity WAF | OWASP Core Rule Set tuned for WordPress / Joomla / Magento. Blocks common exploit attempts at the web server layer, before they reach PHP. | All plans |
| Imunify360 | Real-time malware scanning with proactive PHP-level defense. When we detect something, you get the file path and signature — not a sales call. | Growth, Scale |
| ConfigServer Firewall (CSF) | Server-level firewall with login-failure detection, brute-force IP ban, and port-scan detection. | All plans |
| Daily offsite backups (JetBackup) | 30-day retention, stored off-server. One-click restore. Means a suspension or compromise doesn't equal data loss. | Growth, Scale |
| Let's Encrypt SSL (auto) | Free, auto-renewing TLS on every domain. | All plans |
| DNS via Cloudflare (recommended) | Free DDoS protection, WAF rules, rate-limiting. We publish the exact setup in our KB. | Customer-configured, all plans |
Every item on this list is either open-source or a commercial product we license — the same products Newfold uses. The difference is we include them rather than resell them.
Tired of slow, overcrowded shared hosting?
LaunchPad Host runs on NVMe SSDs + LiteSpeed with free migration, free SSL, daily backups, and crypto payments. 30-day money-back guarantee.
See Hosting PlansWhat we deliberately don't do
- We don't resell SiteLock or Sucuri or any third-party cleanup product. No commission, no referral fee, no white-label partnership.
- We don't send urgency-framed security emails. If we detect something, you get the technical finding — file path, signature, remediation advice. No "security specialist" phone calls.
- We don't suspend for vague reasons. If we need to suspend for abuse, our ticket will cite the specific TOS clause and the specific finding. You can dispute based on specifics, not vibes.
- We don't resell "emergency" cleanup. If your site has real malware and you need help cleaning it, we'll point you at Wordfence Premium, Malcare, or Sucuri direct — whichever fits your budget. We won't take a cut.
- We don't charge for basic backup access during a dispute. Your data is yours. If an account is suspended, you get a 14-day window to export everything before purge. In writing, in our AUP.
The honest tradeoff
This model has real downsides. You should know them before signing up:
- Our margins are tighter. We don't have a SiteLock-revenue cushion to subsidize the base plan. Our pricing reflects that — we're not the $1.99/month special. Starter is $6/month. Growth $12. Scale $24.
- We don't have a 24/7 phone "security specialist" team. We have technical support via ticket with a 4-hour response SLA. If you want a human on the phone within 15 minutes of a suspension, that's a SiteLock-style model; we're not that.
- If you get real malware and need urgent help at 2am, our response is: here are the three vendors we trust, pick one, or send us a ticket and we'll respond in the morning. A larger host with a sales team will sell you something immediately.
- We don't run the "security score" dashboards that some hosts include. Those dashboards often exist to create upsell triggers. If you want that reporting, you can install Wordfence free tier yourself — it's better, and we're not making money either way.
If any of those tradeoffs are disqualifying for you, we're not the right host — and that's fine. We'd rather tell you that up front than collect your signup and have you unhappy in month three. If those tradeoffs fit, the plans are here.
Frequently Asked Questions
Imunify360 catches most common infections at the PHP level and quarantines them automatically. You get an email with the specific file path, the signature matched, and remediation advice. If you need hands-on help, we recommend Wordfence Premium, Malcare, or Sucuri direct — whichever fits your budget. We don't take a cut from any of them.
The specific claim we're making is narrow and verifiable: we don't have commercial partnerships with third-party security vendors. You can verify this by asking any security vendor — SiteLock, Sucuri, MalCare, Wordfence — if they have a partner or reseller agreement with us. They don't. That's the claim. Separately, our stack is published above so you can evaluate it against any other host's stack.
Because that would create the same incentive structure we're trying to avoid. Even "free bundled" security products usually come with a sponsorship or co-marketing arrangement that distorts incentives over time. We prefer to include open-source and server-level protection (which has no vendor relationship) and let customers add application-level tools themselves if they want.
Daily offsite backups (JetBackup) with 30-day retention included on Growth and Scale plans. Starter plan customers can add offsite backup separately or use a plugin to backup to Backblaze B2 / Wasabi. Starter includes manual cPanel backup but not automated offsite — this is the honest tradeoff for the $6/month price point.
Yes and no. Imunify360 does continuous server-level scanning. We don't sell access to the reports as a separate product. If Imunify detects something, it acts on it and you're notified. Compare to SiteLock which sells a dashboard; we treat scanning as part of keeping the server clean, not a product feature.
Nothing formal — we're a small company, not a public one with a binding charter. What we can say: our AUP and security stack are documented publicly, changes would be visible, and if we ever started selling SiteLock-style upsells, our existing customers could migrate out with 14-day data-retention backup (also documented). The structural protection is portability, not promises.
Ready for hosting that just works?
NVMe + LiteSpeed hosting with free migration, crypto payments accepted, and a 30-day money-back guarantee.
See Hosting PlansRelated tools, articles & authoritative sources
Hand-picked internal pages and external references from sources Google itself considers authoritative on this topic.
Related free tools
- Site Validator (robots, sitemap, SSL, headers) Validate robots.txt, sitemap.xml, SSL certificate, and security headers.
- DNS Lookup & Records Checker All DNS records (A, AAAA, MX, NS, TXT, CAA, SPF, DMARC) for any domain.
- PageSpeed & Core Web Vitals Google Lighthouse scores: performance, SEO, accessibility, best practices.
Offshore & privacy hosting
- DMCA-Ignored Hosting Due-process complaint handling, explained
- Offshore Hosting EU jurisdiction, privacy-first, from $3.99/mo
- Bulletproof Hosting Alternative What searchers actually want, without the risk