Shared hosting, while affordable, can be a serious security risk for some sites – namely, those storing lots of user data. This means it’s important to determine whether a shared solution is right for your business.
You need to consider whether shared hosting is a secure enough option, especially if your business handles sensitive customer data through your website. By learning WordPress security best practices and some of the security issues that come with shared hosting, you can evaluate whether it’s worth the risk.
In this article, we will explore three reasons to reconsider using shared hosting for your business’s WordPress website.
1. Malicious Server Users Can Hack Into Your Site
Shared hosting (as you can guess by its name) enables many people to split resources on the same physical server. This approach makes hosting more affordable for everybody, though it comes with a few downsides. One of those is that your site’s safety relies in part on everyone else on the server being equally security-conscious. One weak link is all it takes to bring you down.
When you share hosting, you’ve essentially opened yourself up to everyone else on the same server. In other words, if another user wants to, there are ways to gain access to your private section of the server. This also applies if a hacker gains access to another user’s site through poor front-end security. This kind of security risk is called cross-site contamination, and is exploited through a process called Cross-Site Scripting (XSS).
There are a few ways you can address the risk of compromised accounts on your server. First, you can (of course) move away from a shared hosting account to a dedicated server to eliminate the risk of cross-site contamination entirely.
Second, you can hire a WordPress security expert on forums such as WPMU DEV’s Jobs & Pros to review and patch your site so it is impenetrable.
Finally, you can help secure your site from scripting insecurities by installing a plugin such as Wordfence Security. Regardless of whether you switch servers or hire a security developer, a plugin will help you monitor your site and lock down access to your scripts.
2. If Another Site Crashes, So Does Yours
As we introduced earlier, traditional shared hosting splits a single server between many users. This is a bit different from cloud hosting, which spreads dedicated resources across multiple servers. It is up to the shared hosting company to ensure resources are properly allocated between each user on a server for best performance. This means it’s on you to determine whether a shared hosting company is reliable and trustworthy.
One way the host can do this is through bandwidth limitations. Without them, if another site suddenly gets a surge in traffic and crashes the server, everyone else’s site will also go down. On the other hand, bandwidth restrictions also mean traffic spikes can cause your site to crash the server too.
Bandwidth limitations essentially measure how much data is being requested from the server at a given time. For example, high traffic on a media-heavy site would take up a huge amount of bandwidth. If you reach a certain threshold, the server automatically cuts you off, giving the ‘Bandwidth Limit Exceeded’ message to any further visitors until the end of the month.
To avoid other sites crashing yours, or having a site that can’t take in as much traffic as you can send its way, there are a couple of options to consider.
As we discussed, you can skip all of the shared hosting hassles by choosing a dedicated server, meaning that your site can handle significantly more traffic before overpowering its resources.
Alternatively, make sure you choose a hosting account with high enough bandwidth limits to allow decent traffic without also crashing the servers. To determine how much bandwidth your site currently needs, follow these steps:
- Estimate the average page size on your website. This will likely be in kilobytes (KB) or megabytes (MB). You can do this with GTMetrix or Pingdom’s Tools.
- Determine your monthly pageviews by multiplying the number of visitors by the pages per session. You can find these figures in your website analytics tool of choice.
- Multiply your page size by the number of monthly pageviews you get.
For example, if your pages are around 310 KB each and you have 3,920 pageviews every month, you’ll need just over 1.2 gigabytes (GB) of bandwidth per month (310 KB × 3,920 = 1,215,200 KB).
Finally, when reviewing your bandwidth caps, you’ll need to speak with the hosting company’s representatives to ensure that the account you’re researching supports this much data.
3. There’s Little to No Control Over Improving Server Security
For all of the ways another person can hack into your account, front-end security is the only line of defense truly under your control on a shared hosting account. This is still incredibly important and shouldn’t be discounted, but it’s a fairly severe limitation.
Shared hosting is technically managed for you, but the account’s priorities will be very different from those of dedicated managed hosting. Users are mostly looking for a good deal, so hosts often use lowest-common-denominator settings across the board, as they need to work for many people at once.
Additionally, it’s sometimes more difficult to get customized support or to request per-site improvements. For example, many shared hosting accounts won’t offer the latest versions of PHP because it’s potentially too risky to update with so many users on a server.
To take control of your server security, you’ll need to do a bit of research in advance. Of course, as before, you can go down the dedicated server route so that the configuration is customized to your WordPress site’s needs.
However, you can also scout ahead with a checklist of ‘must-haves’ and find a shared hosting account already set up using your custom requirements as the default setting. When choosing a host, look out for these essentials:
- Guaranteed uptime, 99.5% or higher if possible.
- Read the fine print on any host offering so-called unlimited bandwidth.
- Look for built-in Content Delivery Network (CDN) options.
- Check that they offer true round-the-clock support.
- Make sure that these technologies are available: FTP, PHP, Perl, Server Side Includes (SSI), .htaccess, Secure Shell (SSH), MySQL, and Cron.
- Secure Sockets Layer (SSL) certificates should also be available, with free and paid options.
These are just a few recommendations to get you started. It’s a good idea to also have your developer review your site’s needs, and have them compile a custom list of requirements to check for with each potential hosting company. Or, seek the best managed WordPress hosting with dedicated packages.
Shared hosting could put your business (and WordPress site!) at risk in many ways. If your business handles sensitive customer information through your site, it’s especially important to consider the risks before using a shared hosting account.
In this article, we’ve introduced you to three ways shared hosting puts your WordPress site at risk:
- Malicious server users can hack into your site.
- If another site crashes the server, so does yours.
- You have no control over improving server security.
What other questions do you have about shared hosting security? Let us know in the comments section below!