Your Eagle-Eyed Host: Inside WordPress.com’s World-Class Security Features

It’s never been easier to create a website—especially with WordPress.com—but keeping that site secure can be challenging. When you host with WordPress.com, though, we do the heavy lifting for you and let you focus on the fun of creating your dream website. Whether you’re a blogger, entrepreneur, or hobbyist, our top-notch security features safeguard your site day and night so that you don’t need to stress. 

Whether you’ve known about it or not, we’ve long been scanning and monitoring your site’s files to catch and remove threats. Let’s dig in just a bit more. 

Scan history is available on higher-tier plans

Using Automattic’s homegrown Jetpack software, every WordPress.com site is scanned on a daily basis for dangerous plugins, themes, malware, and other vulnerabilities. Once weaknesses are spotted, our security team swiftly resolves the issues, updating or reverting files as needed depending on the problem. 

Perhaps the best part is that we offer this peace of mind for free, on every plan. This certainly isn’t the case everywhere. Many WordPress hosts charge for the type of protection that WordPress.com offers on all of our website plans.  

Plus, you don’t have to do a thing to activate or maintain these security features. Our scanning tools are up and running as soon as your site is created. You can rest easy knowing that you have the web’s best security guards working on your behalf.

It’s possible you’ve never before thought of the importance of website security. The reality of the modern web, however, is that bad actors are out there looking to take advantage of you and your site’s visitors. 

If your site is hacked, it’s liable to cause serious damage to your reputation and your livelihood (not to mention your emotional well-being). Hackers can manipulate your website’s data, steal information from you or your users (including passwords), install and execute malicious code, and even distribute the malicious code to your visitors, infecting their sites and machines. It’s not an insignificant problem or threat, that’s for sure. 

Jetpack’s web application firewall (WAF) monitors every request to your site and blocks requests from anything malicious. Our team of security experts continually updates the web application firewall’s rules to ensure you are protected against the most up‑to‑date threats. You don’t have time for downtime. 

On our higher-tier plans you also have access to the scan history, which shows a record of all previous threats on your site. Additionally, you’ll have access to real-time backups, real-time security scans, malware removal, spam protection, and vulnerability notifications for core code and plugins.

At WordPress.com, we want you dreaming big rather than spending your energy worrying about your website’s security. This is why we provide automatically-installed best-in-class monitoring with no extra charge, on every single plan. 

And our security features will grow right alongside you; whether your dream is to blog about your adorable cats, highlight your stunning landscape photography, or build a home base for your budding technology startup, we have your back. Learn more about all our security features or get started building right now: