May 24, 2019 by Oliver Sild
Over the years of being in the web security business, we have often seen people ask if the web hosting security is all they need. Whether you are in the lookout for the cheapest hosting, shared hosting, cloud hosting or WordPress managed hosting providers, we have got you covered with recommendations and advice on web hosting security.
To answer the question if you should rely on web hosting security, we’d need to dig deeper and talk about the different types of hosting companies and how they compare. Here are the 4 most popular choices to host your website.
Still one of the most popular choices by many people. The low price is mainly possible for shared resources. In fact, all the domains/websites on shared hosting environment share the resources with each other, so when you’re experiencing a surge of traffic, you might get the feeling of what you pay for.
The biggest issue with the security on shared hosting environments is what makes it so cheap – the shared resources. What happens on many shared hosts is that different websites are not properly isolated from each other, causing every single website to be infected when just one of the sites gets hacked.
Read more about the dangers or shared hosting here.
In reality, most of the hosting services online are managed by the service providers, but what has become known under the term “Managed Hosting” is services that manage WordPress specific hosting.
There are many service providers on the market who focus on WordPress hosting. It’s good for the ecosystem because their focus is on one specific framework, they know the quirks of WordPress and therefore can deploy better security practices.
Some fully managed web hosting companies do a great job at securing the sites. Some platforms come with suggested tools (plugins) for back-up and for additional security. We still see websites being hacked on managed hostings, but it’s definitely a smaller problem than on the shared hostings.
Cloud hosting has been a buzzword for some time already. Today we have cloud hosting giants who sell computing power on a large scale, such as AWS, Google Cloud and Microsoft Azure.
Setting up your custom environment on those infrastructures can be tricky for many, so cloud hosting platforms help you automate these processes. Eventually, you will pay for cloud computing power based on your usage + the fee for automation to a cloud hosting platform.
Cloud hosting platforms help you manage your servers more easily. They are similar to Managed Hosting but not explicitly bound to WordPress. They still have better options for hardening and for security tweaks than shared hosts, but if you don’t know what you’re doing it’s suggested to find someone who does (or go for a fully managed hosting).
You can think about Virtual Private Servers as computers somewhere tapped into a network where you have access to. On VPS, you need to build the whole hosting environment by yourself, from scratch.
The safety of hosting your web app on Virtual Private Server really comes down to your own skills and knowledge. As a highly skilled technical person, you might be able to set up a very secure environment, while this could be the worst choice for a less technical person.
When it comes to hosting, you get what you pay for. The less you pay for hosting, the fewer resources allocated to your sites.
It’s important to understand that hosting companies are in the hosting business, not in the security business. To make sure you can prevent malware infections and block fake traffic, you need a web application firewall.
So no matter what hosting type you use, web application exposes biggest attack surface and therefore web application firewall is essential.