Does WPX Hosting Remove Malware For Customers & Is It Free? Do I Also Need Sucuri Or Wordfence Protection?

Malware is a big and growing problem on the Web:

Unlike some hosting companies that send their customers to a service like Sucuri through an affiliate link and expect their customers to pay an EXTRA $200 a year (see below) for malware removal on top of their hosting charges, WPX Hosting DOES clean malware from all WPX servers daily.

WPX customers are NOT charged for this frequent removal of malware.

What is NOT covered in WPX’s frequent malware scans & removal?

Again, unlike some hosting companies, WPX does NOT automatically update WordPress itself, any WordPress themes or any WordPress plugins to the latest versions.

These updates are ENTIRELY the responsibility of the Webmaster i.e. you.


We know from experience that updating WordPress, themes or plugins can break websites and when we have done it automatically in the past, there were huge problems with sites going down due to conflicts or incompatibilities.

Read more on that here.

But what about newly discovered vulnerabilities? Can’t my sites be hacked if the latest updates are not enabled?

Generally no, because we address KNOWN vulnerabilities at the server level so that all WPX-hosted sites are protected, even if older versions of themes and plugins are vulnerable – a different way to achieve the same result: high-level security on the servers.

However, the WordPress free plugin repository has 55,000+ plugins there and many less popular plugins could have vulnerabilities that have not yet been discovered or made public, information that we need to act on at the server level.

Plus, it is best practice to always keep WordPress, your themes and your plugins updated to the latest versions, regardless of what WPX is doing to protect your sites.

So what security measures are in place at WPX do that I don’t need something like Sucuri or Wordfence?

WPX has these security measures running 24/7 for all sites hosted with us:

  • Custom and constantly updated WAF (Web Application Firewall)
  • Enterprise-level DDOS protection by Incapsula
  • Free system-wide malware scans
  • Free system-wide malware/malicious file removal
  • Cleanup of malicious redirects, backdoors and script injections
  • Daily updates to server security rules (see above)
  • Individual site audits in specific cases by WPX Malware Team

And while a plugin like Wordfence does report possible attacks that it has blocked, WPX blocks the attacks but does not currently report those.

Wordfence can also slow down larger websites if scanning intervals are too frequent and it can also conflict with Thrive Architect if that is your page builder of choice.

From our analysis of Sucuri’s current service and our past experience of working with them, there is nothing offered by GoDaddy-owned Sucuri that WPX is not doing already.

In short, with WPX you can save $200 a year PER WEBSITE on an unnecessary Sucuri subscription.

For $99 a year PER WEBSITE, Wordfence will secure  your site. Malware removal is $490 per cleaning:

If you get stuck with any function discussed here, please contact WPX Support via live chat (use the bottom right hand widget!) and they will usually respond and help within 30 seconds or less.