Mixd Managed Hosting is our managed WordPress hosting service that’s designed specifically for UK public sector organisations. The service hosts high profile websites like the NHS, local authorities and the emergency services. All on an enterprise platform that is optimised for large public sector websites with high volumes of content.

Enterprise-grade security:

With multiple layers of security controls and protections, Mixd Managed Hosting offers best-in class security that meets the most stringent security requirements for UK public sector organisations.

  • Automated WordPress updates
  • Web Application Firewall (WAF)
  • DDoS protection
  • Managed TLS certificates
  • Encrypted backups

We have been working with Mixd for several years now and are really impressed by Mixd‘s commitment to cyber security.

Chris Bailey Head of Development – United Lincolnshire Hospitals NHS Trust

Expert support:

Get support from the UK’s foremost public sector WordPress experts. We offer best-in-class support that works as your extended team with troubleshooting, expert reviews, training and site improvements.

  • Unrivalled experience:

    We pride ourselves on having an ultra-responsive, friendly team. Benefit from recommendations based on our deep experience supporting other public sector websites.

  • 24/7 support:

    For emergency support, use our ticket system to reach our team or call and speak directly with an on-call engineer, 24 hours a day, seven days a week.

  • Service level agreement:

    99.99% uptime SLA and the fastest possible responses to your issues. Urgent tickets have a 1-hour SLA and we will reply to general support requests in 24 hours.

  • Monitoring and alerting:

    Our team monitors the platform and your website around the clock and will act on alerts about issues. We will inform you and start investigating if your site is down.

  • Integrated account team:

    A dedicated account manager will provide help and guidance when needed including proactive, predictable support with regular calls and quarterly performance reviews.

  • WordPress training

    We train your team to develop their skills with structured WordPress training based on years of experience training communications teams in public sector organisations.

Managed security:

Proactive security with robust access controls, security monitoring, DDoS protection, managed WAF, automated patching and vulnerability scans. That’s why Mixd is trusted by the NHS and UK government.

  • WordPress updates:

    Rapid patching addresses potential threats to your site. We alert all customers of upcoming WordPress updates and make sure you are on the latest version of the platform.

  • Managed WAF:

    Our managed Web Application Firewall (WAF) includes WordPress-specific security rulesets. It inspects web traffic for signs of XSS or SQL injections and automatically responds to emerging threats.

  • DDoS protection:

    Cloudflare’s Global Anycast network absorbs highly distributed attack traffic to keep you online. Origin infrastructure is protected by detecting and dropping attacks at the edge.

  • Logging and auditing:

    We log activity at the application, web server, database and operating system layers. This allows us to analyse and investigate security issues in real-time.

  • SSL/TLS certificates:

    Our platform automates TLS certificates from Cloudflare, ensuring certificates are always valid. Customers may also procure their own certificates from any TLS certificate authority.

  • Cloudflare CDN:

    A built-in CDN (Content Delivery Network) delivers site content faster to the users, regardless of their location using Cloudflare’s next-generation CDN and Argo Smart Routing’s dynamic traffic routing algorithm.

Data security:

Trust Mixd to keep your data secure and meet your compliance requirements.

  • Data protection:

    By default, Mixd Managed Hosting encrypts data at rest and data in transit for all of our customers.

  • Data residency:

    Mixd Managed Hosting leverages data centres in London (United Kingdom) only.

  • Data centre security:

    Our origin data centres meet the ISO/IEC 27001 certification, SOC 1, SOC 2 (Type Ⅱ) and many more.

  • Encrypted backups:

    Backups are taken daily and maintained for 30 days offsite on AWS S3 using AES 256 encryption.

  • GDPR compliance:

    We have specific processes to ensure compliance with GDPR including a data processing addendum.

  • Disaster recovery:

    We maintain business continuity and disaster recovery plans that are regularly reviewed and tested.

Certifications Include:

Our services regularly undergo independent verification of security, privacy and compliance controls, achieving certifications against global standards to earn your trust.

Our partner network:

All the of the companies in our partner network are specialists in their field and have the same understanding of quality as we do.

  • WP Engine
  • Google Cloud
  • AWS
  • Cloudflare


Where is data hosted?

Mixd Managed Hosting hosts service data in Google Cloud data centres geographically located in London, United Kingdom which has been certified as ISO, PCI DSS and SOC compliant. Google Cloud infrastructure services include backup power, HVAC systems and fire suppression equipment to help protect your data. Backups are hosted on Amazon Web Services (AWS) S3 data centres in London, United Kingdom which are encrypted in transit and at rest. AWS infrastructure services include backup power, HVAC systems and fire suppression equipment to help protect your data.

Are data backups encrypted?

All backup data is encrypted while in transit using TLS 1.2. All backups are stored off-site on AWS S3 and encrypted using S3’s built-in AES 256 encryption.

Can we perform our own penetration testing?

Our customers are welcomed to perform vulnerability or penetration testing on Mixd’s environment. Please contact your account manager to learn about options for scheduling either of these activities.

What technical measures do you use to protect data?

Mixd and its hosting provider are ISO/IEC 27001 compliant. Copies of relevant information security policies and certifications are available under NDA.

Do you conduct vulnerability scanning?

Yes, Mixd Managed Hosting offers a secure environment that protects your website from malicious code. Our cloud supplier (WP Engine) runs vulnerability scans on a biweekly basis.

What responsibility does the customer have?

The security of a site hosted on the Mixd Managed Hosting platform is a shared responsibility between Mixd and our customers. While Mixd is committed to providing a secure infrastructure, customers have the responsibility of user management and overseeing that security best practices are followed by their users.