Technology

Security isn't a feature. It's the foundation.

Isolated containers, SELinux enforcing mode, behavioral bot detection, and an assistant that manages it all. Every layer of Hostney was designed to keep your sites safe without slowing them down.

Start free trial Compare providers

14 days free. No credit card. No commitment.

Bot detection

Behavioral scoring

SELinux

Enforcing mode

Ellie

AI assistant

14-day free trial

No credit card required

99.9% uptime SLA

Container isolation

Pricing

Simple, transparent pricing

Every plan includes managed WordPress, SSH access, daily backups, and enterprise-grade security. Start with a 14-day free trial.

Startup

Great for growing businesses

$7.99/mo

$94.99 billed annually

Get started

1 website
10 GB storage
~10,000 visits/month
5 MySQL databases
250,000 inodes
5 FTP users

What's included:

SSL & Domain

Free SSL certificate
Temporary subdomain

WordPress

1-click WordPress
Managed WordPress
Free WordPress migration

Advanced

For professional websites

$14.99/mo

$179.99 billed annually

Choose plan

5 websites
20 GB storage
~110,000 visits/month
10 MySQL databases
500,000 inodes
10 FTP users

Everything in Startup, plus:

Performance

Memcached

Pro

Maximum performance and features

$22.99/mo

$274.99 billed annually

Go pro

10 websites
40 GB storage
~200,000 visits/month
20 MySQL databases
750,000 inodes
20 FTP users

Compare plans

Under the hood

Custom-built technology

Four layers of custom-built technology

Control panel

Modern frontend with real-time dashboard, rich features, web terminal, and AI integration.

ApplicationWebSocketTerminal

Ellie (AI assistant) Beta

Natural language interface powered by Anthropic with a fallback to OpenAI. No hallucination.

EllieClaudeChatGPT

Backend API

API with JWT authorization, queue-based job processing, audit logging, and real-time notifications.

AutomatedSQLJWT

Orchestrator

Custom binary with 100+ commands managing all aspects of our infrastructure.

ControlPodmanStateless

Intelligent protection

Behavioral bot detection

Every request is analyzed and scored automatically. Adaptive scoring refines detection over time, and malicious bots are blocked before they reach your site.

Score 0-100

Every IP gets a threat score based on behavioral signals and adaptive scoring: rate limits, scanner patterns, request velocity, and more.

Auto-respond

Suspicious IPs get rate-limited, malicious ones face JS challenges, and the worst offenders are banned across all servers automatically.

JS challenge

Suspicious IPs get a proof-of-work challenge. Real browsers solve it instantly, bots can't.

Dashboard

Monitor threats, view signal breakdowns, and whitelist IPs directly from your control panel.

Bot detection runs continuously across all servers, sharing intelligence in real-time. No plugins, no configuration. It's built into the platform and included in every plan.

The heart of Hostney

Secured at every layer

A custom orchestrator that manages every aspect of our infrastructure

100+

Commands

User management, web servers, databases, PHP, SSL, backups, and more

Zero-downtime

Graceful reloads and maintenance mode prevent service interruptions

API-driven

Central backend is the source of truth, servers sync automatically

Single binary

No dependencies. Trivial to deploy and update

orchestrator@nyx-prod-us1 ~

Get started

Enterprise security meets AI-powered hosting

Hardened containers, daily backups, and Ellie Beta included in every plan.
Start free for 14 days, no credit card required.

Start your free trial

Defense in depth

Container hardening: multiple layers of protection

Even if an attacker compromises your application, they can't escape the container or escalate privileges.

no-new-privileges

Containers cannot gain additional privileges beyond what they started with. Even if malware exploits a vulnerability, it can't escalate.

Capability restrictions

Dangerous capabilities like SYS_ADMIN are dropped. Containers only have the minimum capabilities needed to function.

noexec filesystems

Home and temp directories are mounted with noexec. Attackers can't execute uploaded malicious binaries.

Per-user cgroups

Each user's containers run in isolated cgroups with defined CPU, memory, and I/O limits. Resource exhaustion attacks are contained.

Kernel hardening

Unprivileged user namespaces are disabled, preventing container escape vulnerabilities that exploit user namespace features.

SELinux enforcement

Every container runs with a mandatory access control context. Even root inside a container is restricted by kernel-level SELinux policies.

Enterprise security

SELinux: the security layer most hosts skip

The same mandatory access control trusted by the US Department of Defense, running on every Hostney server.

SELinux (Security-Enhanced Linux) was developed by the NSA and is mandatory for government systems, banks, and enterprises. It provides mandatory access control that prevents unauthorized access even if an attacker gains root privileges.

Why most hosts don't use it:

Most hosting platforms require SELinux to be disabled. Their architecture conflicts with mandatory access controls, meaning they run without this critical security layer entirely.

How we do it:

Hostney runs SELinux in enforcing mode on every server. Every file access, network connection, and process execution is validated against security policies before it happens.

What SELinux protects against:

Privilege escalation

Even if malware gets root, it can't access protected resources

Unauthorized file access

Processes can only access files they're explicitly allowed to

Network-based attacks

Strict network access controls prevent lateral movement

Zero-day exploits

Limits damage even from unknown vulnerabilities

Who else uses SELinux? US Department of Defense, NSA, major banks, healthcare systems, and enterprises with strict compliance requirements.

Security

Real-time malware detection

Our file monitoring daemon watches your files and catches threats the moment they appear, not hours later during a scheduled scan.

Monitor

File system events are watched in real-time across the system

Queue

New or modified files are instantly queued for scanning

Scan

Antivirus analyzes the file immediately

Isolate

Threats are contained and reported to your dashboard

Malware detection is built directly into our orchestrator with persistent queuing and exponential backoff. It's not an add-on, it's part of the platform.

Our philosophy

Why we own the stack

Building your own infrastructure is hard. We wanted something truly better.

Control

No vendor lock-in, no feature requests, no waiting. When we need something, we build it.

Innovation

Ellie, SPA deployment, and custom solutions. Features only possible when you build the platform yourself.

Quality

We know every line of code. When something breaks, we fix it in hours, not months.

Questions

Frequently asked questions

Control, speed, and quality. Off-the-shelf panels are designed for the broadest possible audience, which means layers of abstraction, slow update cycles, and security compromises we weren't comfortable with. Owning the stack means we decide how containers are isolated, how bot detection works at the edge, and how quickly a fix reaches production. No tickets to upstream vendors, no waiting for the next release.

We separate AI understanding from execution. Ellie interprets what you want to do, but the actual operations are handled by a deterministic system with predefined steps. The AI never directly executes commands or generates server configurations. It only identifies intent. That said, Ellie is still in beta and may occasionally misunderstand a request. Every action requires your confirmation before anything happens.