Online Support

Strengthen your online protection with Storm's comprehensive security audit

Get in-depth security audits that expose potential weaknesses which could compromise data privacy and security. Better security means better business continuity. It helps eliminate loss due to the significantly lower risk of hacks and attacks to your website, and preserves the trust of your clients and end users – upholding your brand’s reputation.

  • Automated one-click security audits for sites and servers
  • Add your sites and servers wherever they are hosted
  • Simplifies PCI DSS certification

One-click vulnerability identification

Easily detect chinks in your armour without years of technical experience. The security audit tool is free, and comes with point-and-click recommendations that can help bolster your security score.

Everything in one place

Sign into the Storm Performance & Security Centre and add your sites and servers in just a few clicks. Storm’s automated audit tool scans your hosting setup and identifies risks, delivering scoring for security, performance, and data protection. Need to improve your score? Just point and click to add the necessary security services.

Complete scan

Rapid port scanning probes 65,535 ports and pinpoints exposed running services. Our reports include an analysis of unnecessary active services and recommendations for action. Scans for viruses, rootkits, malware, and over 50,000 threats are available for client-owned servers.

Firewall review

Activate the web application firewall (WAF) for intelligent protection against DDoS attacks and other online threats. Custom WAF rules and firewalls can be audited to enhance effective organisation-specific policies.

PCI Compliance

PCI compliance means tough-as-nails security. Where scoring in the Storm Security & Performance Centre gives a bird’s eye view of your sites or server security, the Storm security audit provides an in-depth look at your security configuration. This includes spam-testing your server and checking your sites for HTML and scripting vulnerabilities.


You may ask why you need to be PCI compliant if you don’t collect card details. At Storm we use PCI as the benchmark in tough-as-nails security for all our customers. The GDPR came into force in 2018 making significant changes to data privacy regulation. Companies are required by law to protect customers’ personal information to the highest standards, or face serious consequences including crippling fines. So by complying with PCI DSS companies are also complying with the GDPR and protecting themselves from fines due to data breaches, even if they don’t hold cardholder data.


Storm will fully manage your security requirements via the Storm Security Centre. The team will take care of implementing all the required changes to your business, as well as proactively keeping on top of it as any threats evolve. This is the Storm Security guarantee.

Storm’s Security Audit incorporates various features provided through Cloudflare’s Essential Website Protection. It’s important to note that the Storm Portal no longer supports the Cloudflare legacy platform. To manage your Cloudflare settings, please refer to the Storm Internet Security Centre.

Cloudflare Security Features

DDoS Protection

  • Network and Transport Layers (Layers 3 and 4): Cloudflare shields your servers from DDoS attacks at both these layers.
  • Application Layer (Layer 7): Cloudflare also has mechanisms to detect and neutralize attacks that imitate genuine web traffic.

Web Application Firewall (WAF)

Cloudflare’s WAF is designed to identify and block known web security vulnerabilities, such as SQL injections and Cross-Site Scripting (XSS).

Content Caching

Although not explicitly a security feature, Cloudflare’s content caching can lessen the strain on your original servers, making them more resilient against DDoS attacks.

Always Online

Cloudflare maintains a cached version of your website, ensuring it stays accessible even if your main server faces downtime—useful during DDoS attacks or other outages.

DNS Security

Cloudflare manages a robust DNS network and offers DNSSEC to secure DNS communication.

Firewall Rules

The platform enables custom firewall rules, allowing you to manage traffic based on parameters like IP addresses, geographical location, HTTP headers, and more.

Origin SSL Certificate

Unlike regular SSL certificates that secure the user-to-CDN connection, an origin SSL certificate specifically secures the CDN-to-origin server link. This provides complete encryption from end to end. Storm recommends using Alpha SSL Certificates.

Host Server Security Measures

NCSC Cyber Essentials Standards

Your host server is compliant with the National Cyber Security Centre (NCSC) Cyber Essentials, a certification scheme aimed at safeguarding organizations from prevalent cyber threats.

Anti-Virus Protection

All servers provided by Storm Internet feature premium antivirus software, equipped with:

  • Real-time Scanning: Continuously monitors files being accessed, modified, or created on the server.
  • Scheduled Scans: Regular full-system or partial scans to look for known malware signatures.
  • Heuristic Analysis: Detects previously unknown malware based on behavior rather than known signatures.
  • Log Analysis: Helps identify suspicious activity by scanning server logs.
  • Email Scanning: Scans incoming and outgoing emails for malicious attachments or links.
  • Web Filtering: Blocks access to websites known to host malware.
  • Firewall Integration: Sometimes combined with a firewall for a comprehensive security solution.
  • Alerting and Reporting: Sends alerts and generates reports to keep administrators informed about the security status.

Data Centre Accreditation

Your host server is located in a data centre accredited by ISO/IEC 27001, which is an international standard outlining best practices for information security management systems (ISMS).

Security audits and features like ISO 27001 certification contribute significantly to enhancing the security posture of a website or cloud server, but they are not absolute guarantees against all types of attacks. A security audit can:


  • Identify weaknesses: It can reveal server or website vulnerabilities you may not be aware of.
  • Regulatory compliance: Security audits are a requirement for some industries
  • Improves Security Over Time: Regular audits mean you can continually assess and improve your security posture.
  • Informed Decision-Making: Knowing the state of your security can help you allocate resources more effectively.

However, it should always be kept in mind that a security audit is essentially a snapshot of the state of your website or server’s security at a single point in time. New vulnerabilities can appear after the audit is complete. A security audit is also not an active defence against attacks.

While Storm’s Security Centre assesses the operating environment of your website or server, an external PCI vulnerability scan can provide a more in-depth picture of your site or server’s security features.

The Payment Card Industry Data Security Standard (PCI DSS) is one of the most recognized security standards globally, primarily focused on securing credit card information. Designed for vendors that process, store, or transmit credit card data, PCI compliance is not optional but mandatory. However, even websites that don’t handle card information can benefit from the robust security framework that PCI DSS provides.

Storm Internet offers external vulnerability scans for both servers and websites, making it a versatile security solution. These scans are designed to identify various security issues, including improperly configured firewalls, potential malware threats, and vulnerabilities related to remote access. Importantly, this service is platform-agnostic; it can be applied to different website platforms, whether you’re using WordPress, Joomla, Umbraco, or a custom-built site.

Fully-managed quarterly External PCI Vulnerability Scans are included in all Storm Internet’s server packages. Should your managed server fail a PCI compliance scan, we’ll proactively address any security issues to ensure PCI compliance.

External PCI Vulnerability Scans are available for websites from £10 per month per site.

Don’t just take our word for it

Over 14,000 happy retailers & brands use Storm Internet

Elizabeth Shaw

From the offset, Storm took the time to understand our problems and gave us confidence they could provide solutions to our issues. We've not been disappointed. Read More

Elliot Price - Elizabeth Shaw

Mystery Shoppers

Storm made us as the customer feel like we were valued. I think they are one of the best managed hosting companies out there! I have recommended Storm to several other people who have also been very pleased. Read More

Chris Palmer - Mystery Shoppers

Chris Palmer - Mystery Shoppers

Signum International

The Storm guys rectified any issues quickly and without needing any prompting from us. Being able to contact the MD is a real bonus, it's good to know that you have the right person's ear for what is critical to us. Read More

Bob Baker - Signum International

Bob Baker - Signum International


We had several issues with previous hosting providers including their communication, support and performance. With Storm Internet any issues have been resolved immediately and the support system is really easy to use. Read More

Sim Sekhon - Legal4Landlords

Sim Sekhon - Legal4Landlords

YKK Europe

If you need a responsive company to help with your web needs, then you can do no better than to call Storm Internet. Their dedicated team will help out in the most pressing of circumstances. Read More

Anna Stefaniak - YKK Europe

Channel and Mobile Solutions

We rely on Storm, 5 years and counting. They elevate managed hosting to a whole new level and speak our language. Read More

Mike Bowen - Channel and Mobile Solutions

Cool Milk

We need a website that is up and running at all times, and Storm delivers. They go the extra mile. Read More

Michael Saracevas - Cool Milk

Synbiotix Solutions Ltd

Storm designed and proposed a dedicated Private Cloud infrastructure that not only met our needs for current business IT operations but also allowed for future growth. Read More

Theo Constantinides - Synbiotix Solutions Ltd

Mandon Software

Whatever challenges you throw at them, Storm is always up to the task. Having them onboard is like having a complete tech team on duty 24/7 Read More

David Allaway - Mandon Software

Jayex Technology

Our needs had to be precisely matched and, unlike AWS or Google, Storm could do it Read More

Matteo Marcolini - Jayex Technology

Quantock Design

Their support makes us look good Read More

Gavin Sadler - Quantock Design


The support guys have been brilliant in sorting every issue, the support provided and the price that we pay is far better than what other hosting providers had quoted us Read More

Justin Smith - Breakerlink


Storm Internet offered everything we needed. The support is there 24/7 and it is on a personal level. We feel like a business partner. Storm have helped us to optimise our server and keep everything running smoothly Read More

Omar Farra - Nitrotek

Storm Internet wins Best Hosted Provider at 22nd ISPA Awards Storm Internet wins Best Hosted Provider at 22nd ISPA Awards

Storm Internet wins Best Hosted Provider at 22nd ISPA Awards

Over the years Storm Internet has collected a number of awards. They reflect a core methodology by which we empower our clients by providing them with the technology and tools they need to accomplish their goals efficiently.

Read More
0800 817 4727