IRAP assessed hosting
IRAP assessed WordPress hosting
Managed hosting for WordPress on infrastructure IRAP assessed at the OFFICIAL:Sensitive level. Containers, managed databases, CDN and WAF included — with the audit logging, backups, and sovereignty your agency requires.
Application hosting
Managed WordPress hosting
Deploy WordPress from a managed template and run it as a fully dynamic application. Containers are managed with health checks and autoscaling, the database is provisioned for you, and every request passes through the CDN and WAF.
- Managed containers with health checks and autoscaling
- Managed MySQL 8.4 with Multi-AZ option
- CDN, WAF, and DDoS protection in front of every request
- Automated backups with on-demand restore to any environment
Explore WordPress cloud hosting
Optional hardening
Static delivery with the Quant plugin
For an extra layer of security, the official Quant plugin syncs published content to the edge so the public site is served as static pages. Editors keep working in wp-admin as normal, while the origin can be locked away from the internet entirely.
- Public pages served static from the edge
- Origin restricted or fully offline between publishes
- Editors keep their wp-admin workflow
- Official plugin for content sync and cache purging
Explore the WordPress integration
What IRAP assessed hosting includes
Your WordPress site inherits the same assessed platform controls.
Immutable audit logging
Multi-region audit trails with log file validation capture every administrative action.
- 7-year (2,555-day) retention
- Object Lock in COMPLIANCE mode
- Network flow logs on every VPC
Automated backups
Daily database backups, plus on-demand database and filesystem backups you control.
- 30-day automated retention
- Restore to any environment
- Multi-AZ database option
Australian data sovereignty
Workloads run in Melbourne with Sydney as the secondary region. Data at rest stays in Australia.
- Melbourne primary region
- Sydney secondary region
- Australian owned and operated
Encryption everywhere
Encryption at rest and in transit for every workload, with managed key infrastructure.
- AES-256 at rest
- TLS 1.2 minimum in transit
- HTTPS-only origins
Access control
Strong authentication and least-privilege access for every account and API client.
- MFA and passkeys
- SAML single sign-on
- Role-based access and scoped API tokens
Network security
Defence in depth from the edge to the container.
- WAF with OWASP paranoia levels
- DDoS protection and rate limiting
- Protective DNS and per-tenant isolation
IRAP assessed WordPress hosting FAQs
Can I run WordPress on IRAP assessed infrastructure?
Yes. QuantGov Cloud is IRAP assessed at the OFFICIAL:Sensitive level, and WordPress runs as a managed containerised application with a provisioned database, CDN, and WAF. Your site inherits the platform controls covered by the assessment.
Do I have to use static delivery?
No. WordPress runs as a normal dynamic application behind the CDN and WAF. Static delivery via the Quant plugin is an optional extra layer that serves public pages from the edge and lets you restrict access to the origin.
How is WordPress protected?
Every request passes through the WAF, rate limiting, and DDoS protection at the edge. With optional static delivery the public site is served as static pages and the WordPress origin can be restricted so it is not directly exposed to the internet.
How is my WordPress site backed up?
Databases are backed up automatically with 30-day retention, and you can take on-demand database and filesystem backups and restore them to any environment.
Where is my WordPress data hosted?
Workloads run in the Melbourne region with Sydney as the secondary region. Data at rest stays in Australia.
Deploy WordPress on assessed infrastructure
Managed WordPress with the audit logging, backups, and sovereignty your agency requires.