Bảng giá
Tạo một trang web
Trang web lập trình theo cảm xúc
DÙNG THỬ MIỄN PHÍ
Mô tả những gì bạn muốn và Horizons sẽ xây dựng nó. Không cần kỹ năng công nghệ.
Website builder kéo và thả
Xây dựng và chỉnh sửa trang web bằng các mẫu có sẵn
Managed Hosting cho WordPress
Tăng cường sức mạnh trang web với CMS hàng đầu thế giới
Di chuyển trang web
Di chuyển trang web nhanh chóng và miễn phí
Bán hàng trực tuyến
Thương mại điện tử
MỚI
Mọi thứ bạn cần để ra mắt, vận hành và phát triển kinh doanh thương mại điện tử.
Managed Hosting cho WooCommerce
Vận hành cửa hàng WooCommerce dễ dàng
Lưu trữ và triển khai
Web hosting
Lưu trữ mọi trang web nhanh chóng, dễ dàng và an toàn
Cloud hosting
Mở rộng với nhiều sức mạnh và tài nguyên hơn
VPS hosting
Nhận toàn quyền kiểm soát với VPS được AI quản lý
Ứng dụng web
Triển khai và vận hành ứng dụng web hiện đại ngay lập tức
Danh mục ứng dụng
Triển khai ứng dụng mã nguồn mở trong vài giây
Đại lý hosting
Quản lý nhiều trang web một cách chuyên nghiệp
Tên miền
Tìm kiếm tên miền
Tìm tên miền hoàn hảo
Chuyển tên miền
Chuyển tên miền hiện có đến Hostinger
Email và tiếp thị
Email doanh nghiệp
Tạo địa chỉ chuyên nghiệp để xây dựng thương hiệu của bạn
Tiếp thị qua email
Tạo và gửi email với Reach được hỗ trợ bởi AI
Google Workspace
Cộng tác với các công cụ dành cho nhóm
Trợ lý AI 1 nhấp
OpenClaw
Trợ lý AI cá nhân, luôn hoạt động để tự động hóa hàng ngày
Hermes Agent
MỚI
Trợ lý AI bền vững, nhận biết ngữ cảnh để tự động hóa liên tục
Lưu trữ VPS n8n
Các quy trình làm việc AI tùy chỉnh, dựa trên nút với khả năng kiểm soát hoàn toàn
Hostinger Agents
MỚI
Đội ngũ AI sẵn sàng hỗ trợ các tác vụ kinh doanh hàng ngày
Hostinger Connector
MỚI
Xây dựng trang web và quản lý hosting với trợ lý lập trình AI của bạn
Giới thiệu
Blog
Tin tức và cập nhật mới nhất của chúng tôi
Cập nhật sản phẩm
Các bản phát hành mới nhất và các tính năng sắp ra mắt
Câu chuyện của chúng tôi
Chúng ta đến đây như thế nào và chúng ta sẽ đi đâu
Học viện Hostinger
Các video hướng dẫn thực tế giúp bạn xây dựng và phát triển trực tuyến.
Hỗ trợ
Kiến thức cơ bản
Lời khuyên và câu trả lời cho tất cả câu hỏi thường gặp
Hướng dẫn
Các bài viết giúp bạn đạt được thành công trực tuyến
Phòng thí nghiệm
Hướng dẫn từng bước để ra mắt và phát triển dự án trực tuyến của bạn.
Liên hệ
Cách liên hệ chúng tôi
EcommerceMỚI

Chính sách trách nhiệm tiết lộ và chương trình phần thưởng tìm lỗi của Hostinger

Vui lòng đọc kỹ thỏa thuận này vì nó chứa các thông tin quan trọng liên quan đến quyền lợi và biện pháp khắc phục của bạn.
Chính sách bảo mật
Điều khoản dịch vụ
Hostinger accessibility statement
Thông tin nhà đăng ký

Thỏa thuận

Điều khoản đặc biệt của Hostinger Horizons
Phụ lục xử lý dữ liệu
Thỏa thuận chương trình giới thiệu
Thỏa thuận chương trình liên kết
Thỏa thuận chuyển tên miền
Thỏa thuận đăng ký tên miền
Thỏa thuận đổi người đăng ký
Thỏa thuận hosting

Chính sách

Chính sách cookie
Chính sách đăng ký TLD
Chính sách hoàn tiền
Chính sách khôi phục đăng ký hết hạn
Chính sách trách nhiệm tiết lộ và chương trình phần thưởng tìm lỗi của Hostinger
Chính sách xử lý vi phạm
Giải quyết tranh chấp tên miền
Hướng dẫn và quyền hạn thương hiệu
Nhãn hiệu/Bản quyền
Non-public registrant data (NPRD) request policy

Chính sách của công ty

Quy tắc ứng xử của bên thứ ba

Phiên bản tiếng Anh của chính sách và thỏa thuận pháp lý này được xem là phiên bản hiện hành và có giá trị pháp lý duy nhất. Tất cả phiên bản được dịch chỉ dùng cho mục đích tham khảo và để hiểu rõ phiên bản tiếng Anh hơn. Các phiên bản được dịch không có ràng buộc pháp lý và không thể thay thế phiên bản tiếng Anh. Trong trường hợp có mâu thuẫn hoặc bất đồng, điều khoản dịch vụ bằng tiếng Anh sẽ được ưu tiên và là ràng buộc duy nhất.

Chính sách trách nhiệm tiết lộ và chương trình phần thưởng tìm lỗi của Hostinger
Chính sách bảo mật
Điều khoản dịch vụ
Hostinger accessibility statement
Thông tin nhà đăng ký
Thỏa thuận
Điều khoản đặc biệt của Hostinger Horizons
Phụ lục xử lý dữ liệu
Thỏa thuận chương trình giới thiệu
Thỏa thuận chương trình liên kết
Thỏa thuận chuyển tên miền
Thỏa thuận đăng ký tên miền
Thỏa thuận đổi người đăng ký
Thỏa thuận hosting
Chính sách
Chính sách cookie
Chính sách đăng ký TLD
Chính sách hoàn tiền
Chính sách khôi phục đăng ký hết hạn
Chính sách trách nhiệm tiết lộ và chương trình phần thưởng tìm lỗi của Hostinger
Chính sách xử lý vi phạm
Giải quyết tranh chấp tên miền
Hướng dẫn và quyền hạn thương hiệu
Nhãn hiệu/Bản quyền
Non-public registrant data (NPRD) request policy
Chính sách của công ty
Quy tắc ứng xử của bên thứ ba

Lần chỉnh sửa cuối: 2026-07-13 08:55:22

OVERVIEW

These Responsible Disclosure Policy and Bug Bounty Program Terms ("Program Terms") govern your participation in Hostinger's Bug Bounty Program ("Bug Bounty Program"). 

These Program Terms supplement the Terms of Service, Privacy Policy, and any other agreement between you and Hostinger. Unless otherwise defined in these Program Terms, capitalized terms have the meanings given to them in the Terms of Service. If there is any inconsistency between these Program Terms and the Terms of Service or Privacy Policy, these Program Terms will prevail solely with respect to the Bug Bounty Program.

For the avoidance of doubt, nothing in these Program Terms limits or excludes any rights, remedies, or obligations arising under the Terms of Service.

Hostinger reserves the right to update, amend, or otherwise modify these Program Terms at any time. Any such changes become effective upon publication on Site or the applicable Bug Bounty Program platform. By continuing to participate in the Bug Bounty Program after such changes become effective, you agree to the updated Program Terms.

RESPONSIBLE DISCLOSURE POLICY

Hostinger encourages the responsible disclosure of security vulnerabilities in our Services or on our Site. We recognize the important role that security researchers and our user community play in helping to keep Hostinger and our customers secure. If you discover a vulnerability affecting our Site or Services, please report it in accordance with these Program Terms.

PROGRAM TERMS

Participation in the Bug Bounty Program is voluntary. By participating in the Bug Bounty Program or submitting a security vulnerability to Hostinger, you acknowledge that you have read, understood, and agreed to these Program Terms.

To encourage responsible security research and vulnerability disclosure, Hostinger commits that, if we conclude, in our sole discretion, that your activities comply with these Program Terms, and the Terms of Service, Hostinger will not pursue a civil claim against you solely in connection with your compliant security research or refer the matter to law enforcement.

As part of your research, you shall not modify any files or data, including permissions, and shall not intentionally view or access any data beyond what is needed to prove the vulnerability.

Hostinger will make a best effort to adhere to the following response targets:

Type of ResponseBusiness days
First Response2 business days
Time to Triage5 business days
Time to Bounty14 business days
Time to Resolutiondepends on severity and complexity

TESTING CREDENTIALS

To avoid abuse of shared testing credentials, Hostinger does not provide shared accounts for testing. You must register your own Account and purchase a Single Shared Hosting plan. 

If you are eligible under these Program Terms, Hostinger will provide you with a discount coupon covering the full cost of one  Shared Hosting plan for one month. 

If you wish to test Hostinger web applications, please contact the Hostinger security team at security@hostinger.com to request a discount coupon. Please include your HackerOne profile name, email used to register your Account, and  confirmation that you are participating in the Bug Bounty Program through HackerOne.

THE FOLLOWING HOSTINGER DOMAINS IN SCOPE:

  • www.hostinger.com
  • hpanel.hostinger.com
  • cpanel.hostinger.com *
  • payments.hostinger.com
  • builder.hostinger.com
  • horizons.hostinger.com
  • reach.hostinger.com
  • agents.hostinger.com
  • mail.hostinger.com

Domains not listed above are not in scope.

* Note: we only reward vulnerabilities caused by our systems. Issues related to the cPanel platform itself are not eligible for rewards.

The inclusion of a Site, Service, domain, or other asset within the Bug Bounty Program scope does not authorize any activity that exceeds the scope of responsible security research or is inconsistent with these Program Terms.

NEW HOSTING PLAN - AGENCY

We have launched new Agency hosting plans that are built entirely on our H5G infrastructure, which is designed specifically for WordPress hosting. These plans provide complete site isolation to boost security and performance. They also facilitate access sharing for each site, supporting smooth collaboration among team members.

Since the Agency plan is fully powered by H5G, its security testing scope (including Bounty Payments) falls under our existing H5G Infrastructure scope. We invite researchers to help identify potential vulnerabilities.

To participate in testing our new hosting plans, please email security@hostinger.com and ask for a coupon for Agency plan testing. Include the email address you used to register for Hpanel in your email.

ELIGIBILITY REQUIREMENTS

To be eligible to participate in the Bug Bounty Program and receive a Bounty Payment, you must:

  • comply with these Program Terms;
  • comply with the authorisation and sanctions compliance requirements set out in the Terms of Service;
  • comply with applicable laws in connection with your participation in the Bug Bounty Program;
  • conduct your security research in good faith and take only those actions reasonably necessary to identify, validate, and report a vulnerability, while avoiding unnecessary harm to Hostinger, its customers, or any third party;
  • not be an employee, officer, director, or independent contractor of Hostinger or any of its affiliates, or an immediate family member of any such person;
  • be at least 16 years of age. If you are considered a minor under the laws of  your place of residence, you must obtain permission from your parent or legal guardian prior to participating in the Bug Bounty Program.

Hostinger may request additional information reasonably necessary to verify your eligibility.

If Hostinger determines, in its sole discretion, that you do not satisfy the eligibility requirements or otherwise violate these Program Terms, Hostinger may suspend or terminate your participation in the Bug Bounty Program and deny, withhold, or revoke any Bounty Payment.

DISCLOSURE GUIDELINES

By participating in the Bug Bounty Program or submitting a vulnerability through HackerOne, you agree not to publicly disclose, or disclose to any third party, your findings, the reported vulnerability, proof-of-concept code, exploit details, or the contents of your submission without Hostinger's prior written approval.

QUALIFYING VULNERABILITIES

Hostinger may determine, in its sole discretion, whether a reported vulnerability qualifies for the Bug Bounty Program. Qualifying vulnerabilities are those affecting the confidentiality, integrity, or availability of any Site or Service that is within the Bug Bounty Program scope. Qualifying vulnerabilities include, but are not limited to:

  • Authentication or authorization flaws, including insecure direct object references and authentication bypass
  • Server-side or remote code execution (RCE)
  • Injection vulnerabilities, including SQL and XML injection
  • Directory Traversal
  • Privilege Escalation
  • Disclosure of sensitive or personally identifiable information
  • Significant security misconfiguration with a verifiable vulnerability
  • Exposed system credentials, disclosed by Hostinger or its employees, that pose a valid risk to an in scope asset

NON-QUALIFYING VULNERABILITIES

Any Site, Service, domain, asset, customer hosted content, or third-party software that is not included within the Bug Bounty Program scope is out of scope and is not eligible for a Bounty Payment.

The following actions do not qualify for the Bug Bounty Program and should not be tested by researchers participating in the Bug Bounty Program:

  • Reports that involve a secondary user account where an existing business relationship is being leveraged and the impact is limited solely to the parent account
  • Username enumeration on customer facing systems (i.e. using server responses to determine whether a given account exists)
  • Scanner output or scanner-generated reports, including any automated or active exploit tool
  • Man-in-the-Middle attacks
  • Any physical attacks against Hostinger property or data centers
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)
  • Click-jacking
  • Vulnerabilities involving stolen credentials or physical access to a device
  • Phishing attacks
  • Social engineering attacks, including those targeting or impersonating internal employees by any means (e.g., customer service chat features, social media, personal domains, etc.)
  • Open redirection, except in the following circumstances:
    • Clicking a Hostinger-owned URL immediately results in an unexpected redirection and loss of sensitive data (e.g., session tokens, PII, etc)
  • CRIME/BEAST attacks
  • Logout CSRF
  • Banner or version disclosures
  • Missing SPF records
  • Directory listing (unless sensitive data can be found)
  • DoS, brute force, user enumeration or DDoS attacks
  • Blackhat SEO techniques
  • Any other submission determined to be low risk, based on unlikely or theoretical attack vectors, requiring significant user interaction, or resulting in minimal impact
  • Vulnerabilities on third party libraries without showing specific impact to the target application (e.g., a CVE with no exploit)
  • Exposed credentials that are either no longer valid, or do not pose a risk to an in scope asset
  • Any bug that relies upon an outdated browser
  • Infrastructure vulnerabilities, including:
    • Issues related to SSL certificates
    • DNS configuration issues
    • Server configuration issues (e.g., open ports, TLS versions, etc.)
  • Bugs requiring exceedingly unlikely user interaction.
  • Insecure password complexity requirements
  • Email verification/validation issues
  • Quality and business logic bugs which do not pose real risk and do not impact business and customers in a way which could lead to unauthorised access to data or systems, also when there is no possibility to take advantage of the bug to cause some sort of damage to company systems or data.
  • Vulnerabilities on individual clients infrastructure or virtual private servers (VPS), including websites, databases, etc.
  • Hacking discount coupons
  • Broken links 

BUG SUBMISSIONS REQUIREMENTS

For each vulnerability report, please include the following information:

  • Full description of the reported vulnerability, including its exploitability and potential impact;
  • Evidence and an explanation of all steps required to reproduce the reported vulnerability, which may include:
    • Videos or Step by step screenshots;
    • Exploit code;
    • Traffic logs;
    • Web/API requests and responses;
    • Email address or user ID of any test accounts;
    • IP address used during testing.
  • For RCE submissions, the additional requirements set out below also apply.

Failure to provide sufficient information to reproduce and validate the reported vulnerability may delay the review of your report or affect your eligibility for a Bounty Payment.

REMOTE CODE EXECUTION (RCE) SUBMISSIONS REQUIREMENTS

In addition to the requirements above, reports relating to RCE should include, where applicable: 

  • Source IP address;
  • Timestamp, including time zone;
  • Full server request and responses;
  • Filenames of any uploaded files, which must include “bugbounty” and the timestamp;
  • Callback IP and port, if applicable;
  • Any data that was accessed, either deliberately or inadvertently.

Permitted actions:

  • Directly injecting benign commands via the web application or interface (e.g. whoami, hostname, ifconfig)
  • Uploading a file that outputs the result of a hard-coded benign command

Prohibited actions:

  • Uploading files that allow arbitrary commands (i.e. a webshell)
  • Modifying any files or data, including permissions
  • Deleting any files or data
  • Interrupting normal operations (e.g. triggering a reboot)
  • Creating and maintaining a persistent connection to the server
  • Intentionally viewing any files or data beyond what is needed to prove the vulnerability
  • Failing to disclose any actions taken or applicable required information

BOUNTY PAYMENTS

You may be eligible to receive a monetary reward (“Bounty Payment”) if: 

  • you are the first person to submit a valid report of a previously unknown vulnerability affecting an in-scope Site or Service; and
  • Hostinger determines, in its sole discretion, that the reported vulnerability is a valid security issue; and 
  • you have complied with these Program Terms.

Hostinger will determine, in its sole discretion, whether a reported vulnerability qualifies for a Bounty Payment and the amount of any Bounty Payment. Nothing in these Program Terms obligates Hostinger to make a Bounty Payment.

All Bounty Payments will be made in United States dollars (USD). You are solely responsible for any taxes, duties, or other governmental charges applicable to any Bounty Payment you receive under the laws of your country of residence, citizenship, or any other applicable jurisdiction. 

The minimum Bounty Payment for a validated vulnerability report is $100 (USD), and the maximum Bounty Payment for a validated vulnerability report is $25,000 (USD).

When determining the amount of a Bounty Payment, Hostinger may consider, among other factors:

  • the severity, exploitability, and potential impact of the reported vulnerability; 
  • the sensitivity of the affected Site, Service, systems, or data; 
  • the overall risk posed to Hostinger, its customers, or third parties; 
  • the quality, completeness, and reproducibility of your report; 
  • and any other relevant circumstances.

Any attempt to obtain a Bounty Payment through extortion, coercion, or threats of public disclosure may result in immediate disqualification from the Bug Bounty Program and denial of any Bounty Payment.

Hostinger may deny, reduce, withhold, or revoke a Bounty Payment if you fail to comply with these Program Terms or if the reported vulnerability is determined to be ineligible under the Bug Bounty Program.

All decisions regarding eligibility for, and the amount of, any Bounty Payment are final and made at Hostinger's sole discretion.

RETESTING

Hostinger may, in its sole discretion, determine whether retesting of a previously reported vulnerability will be permitted or requested. When making this determination, Hostinger may consider, among other factors, the severity of the reported vulnerability, the quality of the initial report, and available internal resources.

Retesting Bounty Payments are available only where retesting has been expressly requested or approved by Hostinger.

To recognize the additional effort involved in retesting, you may be eligible for the following retesting Bounty Payments: 

  • Low and Medium severity vulnerabilities: $50 (USD);
  • High and Critical severity vulnerabilities: $100 (USD).

OWNERSHIP OF SUBMISSIONS

You retain ownership of your vulnerability report and any materials you submit in connection with it. As a condition of participating in the Bug Bounty Program, you grant Hostinger and its affiliates a perpetual, irrevocable, worldwide, royalty-free, transferable, sublicensable, and non-exclusive license to use, reproduce, modify, adapt, publish, distribute, publicly display, publicly perform, create derivative works from, and otherwise use your vulnerability report and any related materials for any lawful purpose.

You represent and warrant that you have all rights necessary to grant the license set out in these Program Terms and that your vulnerability report does not knowingly infringe the intellectual property or other rights of any third party.

Nothing in these Program Terms obliges Hostinger to implement, commercialize, or otherwise use any information contained in your vulnerability report.

You waive any claims of any nature, including claims based on an express contract, implied-in-fact contract, or quasi-contract, arising from your disclosure of a vulnerability report to Hostinger.

Nothing in these Program Terms prevents Hostinger from independently developing, acquiring, licensing, or using products, services, technologies, or materials that are similar or identical to those described in your vulnerability report, provided that Hostinger complies with these Program Terms.

The license granted under this section survives the termination of your participation in the Bug Bounty Program.

CONFIDENTIALITY

Any information that you access, receive, or otherwise become aware of in connection with your participation in the Bug Bounty Program, including information relating to Hostinger, its affiliates, employees, customers, independent contractors, Sites, Services, systems, or security ("Confidential Information"), must be kept strictly confidential and used solely for the purposes of participating in the Bug Bounty Program.

You must not access, use, copy, retain, disclose, distribute, or otherwise make available any Confidential Information except to the extent reasonably necessary to identify, validate, and report a vulnerability in accordance with these Program Terms.

If, during your security research, you become aware of any actual or suspected security incident, unauthorized access, or exposure of Confidential Information, including personal data, you must without undue delay report it to Hostinger through the Bug Bounty Program and cooperate with any reasonable instructions provided by Hostinger regarding the handling of such Confidential Information.

You must permanently delete any Confidential Information obtained during your participation in the Bug Bounty Program once it is no longer reasonably required to prepare or support your vulnerability report, unless otherwise required by applicable law or expressly authorized in writing by Hostinger.

Failure to comply with this section may result in suspension or termination of your participation in the Bug Bounty Program, denial, withholding, or revocation of any Bounty Payment, or any other action available to Hostinger under these Program Terms, the Terms of Service, or applicable law.

TERMINATION

You may stop participating in the Bug Bounty Program at any time by ceasing all testing activities and complying with these Program Terms.

Hostinger may, at any time and in its sole discretion, suspend or terminate your participation in the Bug Bounty Program if:

you breach these Program Terms, the Terms of Service, or any other agreement between you and Hostinger; or

Hostinger reasonably determines that your participation poses a risk to Hostinger, its affiliates, Sites, Services, infrastructure, systems, customers, employees, business, or reputation.

Hostinger may also, at any time and in its sole discretion, suspend, modify, or discontinue the Bug Bounty Program, in whole or in part.

Upon suspension or termination of your participation, Hostinger may take any action permitted under these Program Terms, including denying, withholding, or revoking any Bounty Payment.

Termination of your participation in the Bug Bounty Program does not affect any rights or obligations that, by their nature, are intended to survive termination, including the confidentiality, intellectual property, and limitation of liability provisions of these Program Terms.

Submit
Hostinger Chính sách trách nhiệm tiết lộ và chương trình phần thưởng tìm lỗi của Hostinger
hostingWeb hosting Hosting cho WordPress VPS hosting n8n tự lưu trữ Email doanh nghiệp Cloud hosting Hosting cho WooCommerce Hosting cho đại lý Minecraft hosting Hermes Agent VPS OpenClaw VPS Paperclip Google Workspace
Tên miềnTìm kiếm tên miền Tên miền giá rẻ Tên miền miễn phí WHOIS Chứng chỉ SSL miễn phí Chuyển Tên Miền Tên miền
công cụHorizons Website Builder AI Website Builder Ecommerce Website Builder Mẫu In theo yêu cầu Trình tạo Logo AI Chuyển website Hostinger API
thông tinBảng Giá Đánh Giá Chương Trình Affiliate Hợp tác giáo dục Danh bạ Agency Lộ trình Tình Trạng Hệ Thống Trung tâm tin cậy Sơ đồ trang
công tyVề Hostinger Công nghệ của chúng tôi Blog (Tiếng Anh)
Hỗ trợHướng Dẫn (Tiếng Anh) Kiến thức cơ bản Học viện Hostinger Liên Hệ Báo Cáo Vi Phạm
Chính sách yêu cầu NPRD Chính Sách Bảo Mật Chính sách hoàn tiền Điều Khoản Dịch Vụ
visa
mastercard
amex
discover
jcb
dinersclub
thêm nữa
© 2004-2026 Hostinger – Khởi chạy, phát triển và thành công trực tuyến, được hỗ trợ bởi AI đưa sức mạnh vào tay bạn.

Giá được liệt kê chưa VAT

Chúng tôi coi trọng quyền riêng tư của bạn

Trang web này sử dụng cookie cần thiết để trang web hoạt động bình thường và để lấy dữ liệu về cách bạn tương tác với trang web, cũng như cho mục đích tiếp thị. Bằng cách chấp nhận, bạn đồng ý lưu cookie trên thiết bị cho quảng cáo mục tiêu, cá nhân hóa và phân tích như được mô tả trong Chính sách cookie của chúng tôi.