Hosting Domains Email SSL Pricing Support
Dashboard
🛡️ Server Security

Your Sites Are Protected
By Default

Every website hosted on lbreeze is shielded by cPFence — real-time malware scanning, Web Application Firewall, DDoS protection and WordPress security. No setup required.

View Hosting Plans About cPFence ?

14M+

Virus & malware signatures in the database

390K

Abusive IPs blocked in real time

750M

Web attacks blocked in the past year

1000+

Malicious bot types detected & blocked

Architecture

Three Layers of Protection

cPFence defends every lbreeze server — and every website on it — with a three-layer security stack that stops threats before they can do any damage.

IPDB & DDoS Protection

Malicious IPs are blocked before they even reach the server. With a database of 390,000+ known abusive IPs updated in real time, threats are stopped at the network edge — including DDoS attacks with 100+ concurrent connections per IP.

Real-Time Malware Blocking

Files are scanned for malware the moment they appear on the server. With over 14 million virus signatures updated hourly, infected files are detected and blocked instantly — including PHP malware, backdoors, and database-level threats.

Web Application Firewall

A powerful WAF sits in front of every website, compatible with Nginx, Apache, OpenLiteSpeed and LiteSpeed Web Server. It filters malicious requests, blocks exploit attempts, and protects against SQL injection, XSS, CSRF and more — all in real time.

Security Modules

Advanced Protection for Every Threat

cPFence ships with dedicated security modules covering every attack vector — from WordPress vulnerabilities to email spam and database abuse.

WP AutoShield—

One-click WordPress security hardening with automated vulnerability detection and patching across all WordPress sites on the server. Keeps themes, plugins and core files up to date automatically.

WordPress

Owl AutoMySQL—

24/7 process monitoring that detects rootkits, abusive database users, and high-load conditions. Automatically kills runaway processes before they can take down the server or affect neighbouring sites.

Database

Spam AutoShield—

Server-wide email scanning that quarantines malicious links, blocks phishing attempts and prevents outbound spam — all without requiring external DNS filters. Keeps your domain reputation clean.

Email

MonitorPro—

Continuous uptime and keyword monitoring across the entire server cluster. Instant alerts when a site goes down or a critical page changes unexpectedly — so issues are caught before customers notice.

Monitoring

Bot Protection

Detection and blocking of over 1,000 known malicious bot types. Automated scrapers, credential stuffing bots, and vulnerability scanners are stopped at the firewall level before they can probe your site.

Traffic

Brute Force Protection

Login brute force attempts against WordPress, cPanel, FTP and SSH are detected and blocked automatically. Failed attempts trigger IP lockouts that protect all accounts on the server simultaneously.

Authentication
Built for Enhance

cPFence — Purpose-Built for the Enhance Platform

cPFence is the only server security solution built natively for the Enhance control panel. That means deep integration, zero configuration, and protection that works out of the box for every lbreeze customer — with no additional cost.

Security runs at the server infrastructure level: your websites are protected whether you configure anything or not. From the moment your hosting account is active, cPFence is watching.

  • Hourly-updated virus and malware signature database
  • Full IPv6 support across all protection modules
  • GDPR compliant — no personal data stored or shared
  • Country and IP blocking with instant effect
  • Database scanning for hidden malware and rootkits
  • Included free on all lbreeze hosting plans
Learn more at cpfence.app
cPFence security
WAF
Malware Scanner
DDoS Protection
WP AutoShield—
Spam Shield
DB Monitor
Compliance & Frameworks

Built Around Modern Security Standards

LBREEZE LIMITED operates UK-registered hosting infrastructure designed to meet modern data protection and cyber-security standards. Below is an honest summary of the frameworks we align with today and the certifications on our roadmap.

UK GDPR & Data Protection Act 2018

Fully met. We are a UK-registered data controller and processor with a named Data Protection Officer, a published Data Processing Agreement, and Article 33 breach notification procedures. ICO-supervised.

EU NIS2 Directive — Article 21

Aligned. Our network security, access control, cryptography, logging, incident response, supply-chain and business-continuity controls are designed around the Article 21 risk-management measures, even where the directive does not directly apply to a UK-registered entity.

Cyber Essentials Plus

On roadmap. We operate to Cyber Essentials Plus technical controls internally (boundary firewalls, secure configuration, access control, malware protection, patch management) and intend to pursue formal certification with an IASME-accredited body.

ISO/IEC 27001 principles

Followed in day-to-day operations. Documented policies covering access control, cryptography, physical security (via Hetzner ISO 27001 DCs), operations security, supplier relationships, and incident management. External certification is not yet in scope.

PCI DSS v4.0.1 — SAQ D Compliant

LBREEZE LIMITED completed PCI DSS v4.0.1 Self-Assessment Questionnaire D for Merchants on 16 February 2026 with an asserted Compliant attestation across all twelve PCI DSS requirements. Card data itself is processed by Stripe under Stripe’s own PCI DSS Level 1 certification. Next annual reassessment: February 2027.

Incident Notification Commitment

Customers affected by confirmed incidents are notified via support ticket within 24 hours of classification. Personal-data breaches meeting the legal threshold are notified to the UK ICO within 72 hours under UK GDPR Article 33.

A transparency note: LBREEZE LIMITED has not yet undergone external certification audits for Cyber Essentials Plus, ISO/IEC 27001, or SOC 2. Statements on this page describe internal alignment with those frameworks and our written policies. Where a framework is a legal obligation (such as UK GDPR) we are fully compliant; where it is a voluntary standard, we follow its principles and are working toward formal certification as part of our roadmap.

Vulnerability disclosure

Please report suspected vulnerabilities to security@lbreeze.com. We acknowledge reports within 2 business days.

View /.well-known/security.txt

Data protection officer

Kostadin Stoyanov
privacy@lbreeze.com
+44 20 4587 5787

Abuse reports

abuse@lbreeze.com
See our Acceptable Use Policy and status page.

Hosting That's Secure from Day One

cPFence protection is included free on every lbreeze plan. No plugins, no setup, no extra cost — just hosting with security built in.