Whether you're totally new to hosting a site or blog, else are considering a change, understanding the various types of hosting provider is essential.
Let’s consider the lot and, true to this site’s mission, with particular emphasis on security implications.
Here are the most popular tried and tested hosting options, whether for sites, data or applications:-
- shared hosting
- unmanaged virtual private server (VPS)
- cloud servers
- unmanaged dedicated server
- managed VPS or dedicated server
One hosting type often leads to another as our traffic, site, and needs grow. Here’s some comparison of the key hosting types with an emphasis on security.
- Shared hosting analysis
A shared hosting plan is the entry-level self-hosted option carrying an average monthly cost of $5 to $10.
What Server resources (such as processing power and RAM) are shared between multiple users generally ranging from hundreds to thousands of accounts on a single box. Onus Provider is responsible for the server and the client for the site. Detail User accounts are jailed aka chrooted as detailed in Setup chroot SFTP Jail using OpenSSH. Users can’t access each others’ files. Limited site security features are available using a control panel with a few advanced features generally available using a terminal as explained in vpsBible’s Lock Down Login guides. Pros Users do not have to configure complex security solutions but that doesn’t mean they shouldn’t scrutinize their provider. Cons If a server is compromised then all of its user accounts are at risk. Suits Most of us but essentially sites with small to medium traffic.
- Unmanaged virtual private server (VPS) analysis
Managed by the user, virtual private servers are the hands-on mid-range choice with monthly plans costing anything from $5 to $40.
What A machine is split up with each sector running as an independent server (or virtual machine) with designated resources. Onus The client is responsible for everything. Detail Entirely up to the user who chooses the operating system + software and configuration options as well as the DNS settings for their web server and sites. Pros Set up correctly security cannot be beaten. One user per box reduces risk. Cons The initial setup and maintenance can be daunting for noobs. That's where vpsBible comes in to quell the pain. 🙂 Suits Valued or mid to high traffic sites with a hands-on administrator.
- Unmanaged dedicated server analysis
Effectively the same as the above VPS option, but using an entire real server rather than a virtual slice that pretends (very well) to be the whole machine, monthly plans chalk up at anything from $60 to many hundreds of dollars.
What An exclusive box with the price pegged to the resource level. Onus Ditto the unmanaged VPS option. Detail Ditto the unmanaged VPS option. Pros Ditto the unmanaged VPS option. Cons Ditto the unmanaged VPS option. Suits High traffic enterprise-level sites with in-house IT people.
- Cloud hosting analysis
With managed and unmanaged options, these load-balanced server networks tend to work out slightly more expensive than VPS option.
What Effectively a network of VPSes. Clouds have scalable resource limits depending on traffic requirements (as opposed to having set resources which is the case with other hosting options). Onus More than with any option you'll have to trust your provider. Detail Depends whether managed or unmanaged but the client always has limited control over the provider's network and this is where clouds have security issues. Pros In the rare event of a server error another machine will pick up the slack to keep your site working. Cons Security is dubious due to data being networked. Claims of encryption are often false. Suits Sharing non-important files where privacy isn't an issue.
- Managed dedicated/VPS analysis
The kit is identical to the above unmanaged VPS and dedicated plans but this time the hosting company manages your server, costing that monthly from about $50 to many hundreds.
What An exclusive box or virtual machine that is pre-installed and ready to host sites. Onus The provider is responsible for the server but not for the site. Detail Not dissimilar to shared plans but with one user per machine. Pros Fewer headaches but as with managed shared hosting you must trust your provider. One user per box reduces risk. Cons Generic server images aren’t so easily bespoke-tweaked for example with custom logging options. Suits High traffic enterprise-level sites without in-house IT although managed providers are often receptive to providing users root access — in this case it’s important to have a contract setting out who does what to pinpoint accountability.
Choosing a web host
Web host support & community
In choosing a host there are so many considerations. One is the culture.
How receptive is support? For instance, is there live technical chat? How long does it take for a ticket or e-mail to be answered? Unmanaged providers, bear in mind, will generally not offer any depth of support.
Is there an active community? If not, run away. Very often it’s easiest to ask questions and scour for answers in a forum. Research a host by scanning threads, weighing up feedback and so on. Bear in mind that forums are sometimes censored by moderators and that, conversely, frustrated users can become a little unfairly hot under the collar.
Questions to ask hosting providers
Before signing up here are some questions to ask, not to the sales team but in the forum. Ideally, staff members will help, but the views of existing clients are often more valuable.
Bear in mind that while these questions are relevant to managed hosts, per se, particularly they’re key for shared hosts (who more often are found lacking). If you administer an unmanaged box, then these are issues to consider yourself, yourself being the system administrator.
- Are you running up-to-date versions of Apache, PHP and MySQL?
- Is PHP’s safe mode set to off?
- Is PHP’s register_globals set to off?
- How are my files hidden from other server users?
- Are you running mod_security?
- Is mod_rewrite enabled? (Also needed for pretty links.)
- Does this plan allow htaccess?
- Does it offer shell access via SSH?
- Could I run cron jobs?
- Do you offer an SSL certificate?
- Do you provide access logs?
Probably worth throwing in one more question: “Do you charge for any of the above?”
Don’t just check off yay-nay answers to these questions. We’re talking about hosting (and protecting) a time-consuming asset here, quite aside from the fact it could also be a part of your business. Where relevant and armed with your security knowledge from wpCop, ask for explanations. If any of the answers are “no” or if the accompanying explanations lack substance, keep shopping.