You have just opened your small business. Naturally, you hope to be successful and to grow in the near future.
Now you need a website to let the world know you exist, so with all the research behind you, you decide to build your first website using WordPress, hosting on a shared server with visions of scaling up down the road. As a new startup, that’s all you can afford for now.
Should you use a shared host?
That depends. It is not a bad thing, as the majority of websites are using a shared server with no problems.
Pros and Cons of a shared server:
Pros:
- Affordable, $3.95 to $10
- Easy to use, one click WordPress installs
- Comes with a control panel dashboard
- Fully managed, updates and maintenance
- No technical skills necessary
Cons:
- You share resources with hundreds of other websites
- Your website speed will vary (sometimes slow)
- Potential Security Vulnerabilities (cross contamination)
- Limited to the software or apps provided by host
- Advertise “Unlimited” bandwidth and “memory” – Not True
Let’s address these cons or negative reasons
Since you are sharing a set amount of resources with hundreds of other websites, the performance of your website will vary. If a particular website on your server is experiencing a high volume of views and downloads, that means fewer resources for you. The result: your website becomes sluggish. You can’t get around this issue on a shared hosting server; it just comes with the package.
With that being said, the hosting service you choose does make a difference. If you use one of the reputable hosting companies you may not even notice the difference.
I have a few small business clients that are satisfied with the performance, uptime and cost of the shared server they are using.
Shared hosting received lots of negativity from malware infection issues years ago due to improper server configurations and lack of experience. According to an article from PerezBox, things have changed for the better today.
If you want to be safe on a shared server, it is imperative that you have a firewall running on your backend. If you oversee several websites, then each site requires its own firewall to protect against Cross Contamination.
What is Cross Contamination?
“Cross-site contamination is when a site is negatively affected by neighboring sites within the same server due to poor isolation on the server or account configuration. This phenomenon is one of the greatest contributors to the VPS/Dedicated/Shared hosting.” [Sucuri Blog: 7/18/17 Tony Perez]
If you have a WordPress install, you need to lock down your website with a firewall. There is no excuse: WordPress is very fortunate to have tools available, and you don’t need to have experience in security.
What is a Firewall?
“A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.” [Cisco]
Cloud-based WAF Firewall
Stops website hacks and attacks.
- Instantly Block Hackers
- DDoS Mitigation and Prevention
- Virtual Patching and Hardening
- Protect Brand Reputation
- Prevent Zero-Day Exploits
- Basic: $9.99 per month
- Pro: $19.98 per month
- Business: $69.93 per month
Upgrade packages include additional features.
Visit Sucuri Website
Note: Check with your hosting provider, as some managed hosts provide Sucuri Firewall in their product package.
“Cloudflare’s enterprise-class web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site forgery requests with no changes to your existing infrastructure.”
Many hosting companies offer a free version of Cloudflare. Unfortunately, only the Pro Plan incorporates a firewall.
- Basic: $0 per month
- Pro: $20 per month per domain
- Business: $200 per month per domain
WordPress Firewall Plugins
“NinjaFirewall (WP Edition) is a true Web Application Firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall that sits in front of WordPress.”
Why is Ninja Firewall different from other WP Security Plugins?
NinjaFirewall sits between the attacker and WordPress. It can filter requests before they reach your blog and any of its plugins.
This is how it works:
Attacker > HTTP server > PHP > NinjaFirewall > WordPress
And this is how all WordPress plugins work:
Attacker > HTTP server > PHP > WordPress > Plugins
- Basic: $0
- WP+ Edition: $39.90 per year per domain
Shield handles it all for you:
- Easy-To-Use Guided Setup Wizards
- Login Guard against bots (including Limit Login Attempts)
- Hack Guard scans files for unintended changes, e.g. code injection into core files
- Automatic IP Black List
- 2-Factor Authentication
- Comments SPAM – block 100% of bot spam.
- Audit Trail & Logging
- Security Admin Users
- Core file scanners
- Block REST API / XML-RPC
- HTTP Headers
- Automatic Updates Control
- and much, much more…
- Free $0
- Accepts Donations
WP Security Plugins w/ Firewall
“Wordfence is the most downloaded security plugin for WordPress websites.”
“Our WordPress security plugin provides the best protection available for your website. Powered by the constantly updated Threat Defense Feed, WordFence Firewall stops you from getting hacked. Wordfence Scan leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Our Live Traffic view gives you real-time visibility into traffic and hack attempts on your website. A deep set of additional tools round out the most comprehensive WordPress security solution available.”
- Free $0
- Premium: 1 key, 1 year $99
- Premium: 25 keys, 1 year $29.86
- Complete pricing on website
“A COMPREHENSIVE, EASY TO USE, STABLE AND WELL SUPPORTED WORDPRESS SECURITY PLUGIN”
“All In One WP Security also uses an unprecedented security points grading system to measure how well you are protecting your site based on the security features you have activated.”
“Our security and firewall rules are categorized into “basic”, ‘intermediate’ and ‘advanced’. This way you can apply the firewall rules progressively without breaking your site’s functionality.”
“The All In One WordPress Security plugin doesn’t slow down your site and it is 100% free.”
- One-Click Setup Wizard
- Setup Wizard AutoFix
- MScan Malware Scanner
- .htaccess Website Security Protection (Firewalls)
- Hidden Plugin Folders|Files Cron (HPF)
- Login Security & Monitoring
- JTC-Lite (Limited version of BPS Pro JTC Anti-Spam|Anti-Hacker)
- Idle Session Logout (ISL)
- Auth Cookie Expiration (ACE)
- DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups
- DB Table Prefix Changer
- Security Logging
- HTTP Error Logging
- FrontEnd|BackEnd Maintenance Mode
- UI Theme Skin Changer (3 Theme Skins)
- Extensive System Info
- Open Source: Free
- Donations accepted
Limited to the software or apps available
This is certainly true. On the other hand, most hosting providers furnish all the software and apps that a normal user would require: CMS, E-commerce, Blogs, Web Builders, Email, Security, Statistics, etc.
If you are a developer and require something more advanced, you probably don’t belong on a shared hosting platform anyway.
Advertised Bandwidth Unlimited
A few hosting providers advertise unlimited (or unmetered) bandwidth for their shared hosting package. If this statement were really true, you would see many high-traffic businesses and media download websites hosting on a shared server.
In most cases, there is an asterisk (*) or link next to this statement. If you click on the link, you can read their disclaimer. Examples:
“While of course, these resources are not infinite, we believe our customers should have all the resources necessary to build an online presence and 99.95% of customers will have more than enough disk space and bandwidth to meet their needs.” [Bluehost]
“However, that being said, we do require all customers to be fully compliant with our Terms of Service and to only utilize disk space and bandwidth in the normal operation of a personal or small business website.” [Hostgator]
“We don’t limit the amount of storage and bandwidth your site can use as long as it complies with our Hosting Agreement. Should your website bandwidth or storage usage present a risk to the stability, performance or uptime of our servers, we will notify you via email and you may be required to upgrade, or we may restrict the resources your website is using. It’s very rare that a website violates our Hosting Agreement and is typically only seen in sites that use hosting for file sharing or storage.” [Godaddy]
1) If you can afford it, you can bypass all this controversy by purchasing a Cloud or VPS hosting package from the start. Then you can eliminate the inconvenience of upgrading or migrating to a VPS server in the future; you are already there.
2) Nothing wrong with a shared host as long as you follow the guidelines listed in this post. I still have a few brochure/informational websites using a shared server with no problems. The owners of these sites are happy and have saved lots of money after all these years. Of course, they average less than 100 page views a day.
3) If your shared host website grows in traffic, you will receive warnings from your host provider to upgrade. Trust me, they do monitor every server and can detect websites that are hogging all the resources. I have received several warnings myself.
WordPress can survive on a shared host, but just remember there are limits.
Anyone have any thoughts?