How to create and secure a WordPress website

Making a WordPress site [03] Hosting

Updated: 31/03/2020.

“…and they lived happily ever after…” – this is the story people want to experience when choosing web hosting. Unfortunately, it is not that simple. That is why, in this post, I’ll give recommendations for good, reliable and secure hosting providers (short and simple, to save the time). Then explain why those are recommended, for those who want to put in the time and effort in order to know and understand how it works.

Contents:

  1. Hosting providers I can recommend for WordPress websites
  2. Due explanation of my hosting recommendations
    2.1. How can I choose a good hosting provider?
    2.2. Top 10 hosting providers, WordPress.org recommendations…
    2.3. Is VPS better and faster than shared hosting?
    2.4. “WordPress hosting”
    2.5. Phone support, or tickets?
  3. Conclusion


1. Hosting providers I can recommend for WordPress websites

HostMantis reseller hosting (affiliate link).

That’s it. If the project you are working on requires large resources, go with their “Enterprise hosting” – which is a beefed up shared hosting with enough resources for serious e-commerce websites. Reseller hosting is cool because you can create a separate account for each website/project. So in case of any problems/viruses with one, the others are protected. As if you took several separate shared hosting accounts. My HostMantis hosting review.

In case you want technical support to give you more “hand holding” as it is called, I would recommend Veerotech reseller hosting (affiliate link). Or their “Semi-Dedicated hosting” if the project requires a lot of resources. My Veerotech hosting review.

After you’ve chosen a hosting provider, opened a hosting account, they will give you nameservers that you should set up for your domain (unless you are using a separate DNS service).


2. Due explanation of my hosting recommendations

I will thoroughly explain my recommendations and reasoning. But, as any knowledge, gaining it (understanding it) will take you a lot of time and effort. I’ll try to write briefly and structure it all nicely so you can easily get to the parts that interest you the most. If I were selling something, this would look completely different, but since I’m not – it’s just facts and common sense. For those who want knowledge, to be more independent and able to choose well by themselves.

In other words: don’t take my word for it. Read, check all the information I gave and then decide for yourself.

Disclaimer: all the given information is “to the best of my knowledge” – nothing more, or less. When expressing my personal opinion, it will be explicitly marked as “my personal opinion”.

Now that’s out of the way, I’ll discuss the following dilemmas most people have:

  1. “How can I choose a good hosting provider?”
  2. “I heard / read top 10 hosting reviews that this other hosting is good, even WordPress.org recommends it!”
  3. “Isn’t a VPS better for projects that need more resources, VPS is faster?”
  4. “Should I get ‘WordPress hosting’?”
  5. “I like being able to talk via a phone with technical support, isn’t that better and faster than writing tickets?”

Before going to the above listed topics, I think that the following things should be explained, as I already have, in detail, with separate posts:


2.1. How can I choose a good hosting provider?

Tastes, preferences, priorities and websites differ. What works for me, might not be the best choice for you. That’s why I’d recommend reading this entire post and the posts linked from this one. It is a lot. But it will still save you months of your own research and figuring things out. Not because you should blindly take my word for it, but because you’ll get a clear picture of what to look (out) for, what to check.

Still, I’ll give some pointers for those who can’t read it all:

  • Start with a hosting that isn’t too bad (so you don’t have many technical problems, or viruses/hacks). The hosts given in chapter 1 will do for a start.
  • Secure your website and monitor if there are any attacks, or file changes. How to secure a WordPress website.
  • Check how many resources the website uses – are there any bottlenecks. Website resource usage testing example (read just the linked 5th chapter).
  • Before changing hosting, make sure your website is optimized. Series of posts on website optimization. Yes, that’s a lot of homework. Sure, you can just dish out 200 $ per month for a managed dedicated server, but depending on your website type, even that might not solve your problems. So eventually, you are left with: paying for outrageously expensive hosting, hiring someone to optimize and manage your websites, or learning how to do it yourself.
  • If there are issues even after the optimization, either technical, or security related, look for a higher resource plan, or another hosting provider.
  • Technical support is a separate matter which I’ve discussed at length here: Hosting providers’ technical support.
  • Write down all the problems you face and everything you don’t like, so you know what to look for when choosing a hosting provider.

I know, still haven’t answered the question: “how to find a good hosting provider?” Personally, on the entire Internet, I couldn’t find a list of recommendations for which I would be able to say: “this is a great list of hosting providers, I can confirm each and every recommendation”. Because everyone’s priorities are different.

The way I do it is use others’ experience and my research to make a shortlist, then test for myself to see if it works for me. My list of hosting recommendations. And a good list on digitalfaq website. Reading the rest of this post (and the linked ones) should help you make a better, educated decision by yourself, even though it will confuse you at first. Hence I gave straight recommendations in the 1st chapter, so you can study this at your own pace, until it all nicely “falls into place” and you know what’s what.


2.2. Top 10 hosting providers, WordPress.org recommendations…

I explained this in a separate post. I suggest you read the first two chapters from this link: BlueHost, EIG and hosting reviews.

Is it clearer now?


2.3. Is VPS better and faster than shared hosting?

On most websites, forums and live communication you’ll often hear something like this:

  • “If you need more speed/power, get a VPS.”
  • “VPS is faster and not more expensive than shared hosting.”
  • “Shared hosting means that all the websites share the same resources.”

People who recommend this, in the least don’t know who they are recommending it to, while at worst they don’t really know what they are talking about (my personal opinion).

What is a VPS (Virtual Private Server)?

Simply put, one large server is divided into several smaller ones, using something called “virtualization”. So many smaller servers are working using the hardware resources of a larger, physical server. Virtualization done properly results in VPS-s isolated from each other as if they were separate servers. With the main difference being that if physical server’s disk gets broken, for example, all the VPS-s are left with no disk (and are practically down).

What about the resources?

For example, let’s take a physical server with the following specifications:

  • Processor (CPU): Intel® Xeon® E-2176G 6 cores, 12 threads
  • Memory (RAM): 64 GB

Prize question: how many VPS-s with “2 vCPU cores and 2 GB RAM” can a hosting provider sell using one such server?

I’m afraid no VPS hosting provider will give a straight answer to this question (like: “on the physical server with these specs, there are currently X VPS-s sold”). But you can expect the number to be between 20 and 40, or more (64 is quite reasonable to expect I’d say).

Is this much different from “shared server where all the websites share resources”? You can pay a lot more for what is called a “dedicated VPS“. With such setup, the above noted physical server is used to sell about 6 VPS-s, so that each gets at least 2 physical CPU threads at any time, to use 100% all the time if needed. Though this costs a lot more than what is generally sold as “a VPS”.

This is called “overselling” and is nothing bad in and of itself. Similar situation is with shared hosting, of course. Those interested in more details (ie. why this is in fact good for the user) can read my post: Overselling vs Overloading.

I’d add that shared hosting providers who use CloudLinux allow for resource limitation and separation, so come very close to VPS providers in that account.

Software?

Most people are used to having some kind of control panel, so they don’t have to type everything using a command prompt. Often (not always, not with every VPS provider) only managed VPS-s (that are a lot more expensive) come with a control panel included in the price. For others, you have to pay for the license (and install & set it up yourself).

If you wish to use LiteSpeed, as the best way to speed up a WordPress website (using its great caching), you will need to pay at least 10$ per month for the license. The free OpenLiteSpeed won’t work with hosting control panels. In case you are running only one website on the VPS and not using more than 2 GB of RAM, you can opt for Free LiteSpeed license, but those resources (2 GB RAM, 2 vCPU cores) are easily available with any decent shared hosting account.

Similar goes for CloudLinux. If you are running more than one website on the VPS and want to prevent infection/hack of one website to affect all the others, you’ll have to pay for a CloudLinux license and install it on the VPS.

Of course, it would be good to have some sort of server antivirus protection. Licence costs for server antivirus solutions. There are free alternatives, that require more time and knowledge for installation, setup and updating.

With shared and reseller hosting, provider buys only one licence for the entire large server, so those costs are distributed among hundreds of users and don’t end up costing a lot.

Protection?

Do you know what the following terms mean, without googling: “WAF” and “mod_security“?

If the answer is negative, it is best to only look at managed VPS-s (starting from around 30 $ per month). Doing otherwise will probably result, security wise, in something like letting a person who’s never held a screwdriver to repair your car’s brakes.

I’m not writing this to discourage anyone from trying, learning and experimenting, quite the contrary. Just don’t put any “live production sites” on a server that isn’t secured. The worst case scenario is you get hacked without at least knowing about it.

Monitoring

With a managed VPS, hosting provider will take care of the basic protection, updates, configuration. Still, this is far from proactive, vigilant supervision. That service costs extra, starting from around 10$ per month.

VPS is a server. Small, virtual, but still a server. Server maintenance requires time and knowledge. It’s a job. Do you want to be a web designer, or a systems administrator? Server administration, unless you use automated tools and manage many servers, is not very profitable business.

If you are interested, find it fun, want to know more – by all means give it a go. Just don’t expect to be saving any money, unless you have loads of spare time with nothing better to do.

You can of course rely on luck – just get a VPS, put website(s) on it and have luck for a while (or don’t realize you have been hacked). I don’t like gambling, but many do. Everyone chooses for and by themselves.

Backups

Of course you will backup your websites. My favourite tool for backup automation is JetBackup. The licence costs from 6$ per month. Many shared hosting providers give this for “free”, ie. included in the hosting price).

If you bothered to install and set up your VPS, you will surely want to back up the server as well, not just the websites, so you needn’t do it all from start in case of a problem. How, where to, using which tool? It’s up to you to figure out and decide, I really don’t know.

Resources 2

In shared and reseller hosting environments, all the above listed processes and applications are provider’s worry. And they run on the entire large server, serving each customer when needed. With a VPS, they must all run on the VPS, for the VPS. Will those 2 vCPU and 2 GB RAM really end up faster & better than a shared hosting account with similar resource limits?

So I should avoid VPS?

VPS is a brilliant concept and a wonderful thing. What are the advantages of a VPS and when is it a good choice?

The main advantage of a VPS is that it allows a great deal of customization. On shared/reseller hosting servers, there is only one given setup. It is fairly universal, works for most standard stuff, but it is what is given. In case you need any special setup for your website, or application, you will need the freedom of a VPS to set “your” server the way you need/like.

The other advantage is much less relevant since the emergence of CloudLinux shared servers, but it still exists to a degree: a higher level of separation from other server users.

Finally, fully managed VPS from a reputable provider (KnownHost, Namecheap, or some other reputable VPS provider – affiliate links) rids you of most above noted worries – it just costs a lot (starting from around 100$ per month if you want cPanel, CloudLinux, LiteSpeed and proactive VPS monitoring).

VPS conclusion

VPS is about customization and separation, not about power/speed.

If that is not necessary, then you can get what you need in terms of resources from a good “Semi-dedicated (or Enterprise) Shared” hosting account. At a lower price and with fewer maintenance worries.

For those interested in more on this topic, great articles by the owner of digitalfaq.com:


2.4. “WordPress hosting”

Many hosting providers now offer something they call “WordPress hosting”. What is this, is it good for a WordPress website?

I’ll explain this using an analogy:

In the winter, I cycle with motorcycle gloves. They are quite good for winter cycling. But they are not what I’d call “winter cycling gloves”. Real cycling gloves need to be more flexible and don’t need any knuckle padding, not really.

Now imagine all the glove manufacturers selling all the gloves – motorcycling, cycling and general purpose winter gloves as “cycling gloves”, because cycling is cool and trendy. That is today’s situation with “WordPress hosting”.

So, while all the providers will sell you “WordPress hosting”, not all of them offer what I’ll define and call ” Real WP hosting™

What do I mean by this term? It can be two things, but such that one doesn’t necessarily exclude the other.

First thing concerns server optimization for WordPress. Which practically, without going into much detail, means that the same hardware can serve more WordPress websites. If those hardware cost savings are split between the provider and the customer, that’s good, though “WordPress hosting” usually costs more than “ordinary” shared / reseller hosting. This can also be used for better performance (ie. limiting the number of websites on one server) – it depends on the provider. With an addition of a CDN, which many such hosting offers include – that’s good.

The other thing is related to taking care of the clients’ WordPress installation. Some providers will for example prevent you from installing plugins that are known to be harmful, or take up too many resources. You can definitely expect to get more technical support help for WordPress setup, installation, tuning, any problems related to themes and plugins… Of course, if this is done properly, it must cost a lot more than “ordinary” hosting, where provider just makes sure that server and the required services are up and running – WordPress is your worry.

I have personally always considered this kind of hosting as needlessly (for me) expensive – always wanted to figure out how to set up and tune WordPress by myself. Preferring a bit more freedom. Though, if this kind of hosting is done properly, it can be really good – ” Real WP hosting™ “.

So real managed WP hosting is like choosing to pay someone to patch your bike’s flat tyre, instead of doing it yourself, to use the cycling analogy from the start of the chapter.


2.5. Phone support, or tickets?

Hosting providers I’ve recommended don’t offer technical support over telephone, only using ticket system. Many people like “being able to call, talk to a man”. Since I have lots of experience from “both sides” of technical support, I’ll explain why tickets are better.

If you want a technical support person to stop whatever they are doing, talk to you and work only on your problem, that takes a lot of time – and costs a lot. What happens when you write a ticket, instead of calling?

  • The sole process of writing a ticket sort of forces you to describe your problem more clearly. Now, this might take you more time than calling, though even that is questionable, since you can get straight to the point – no “hello, did I get technical support, my name is, my website is, how do you do…”.
  • People can read a lot faster than they can listen, which means that technical support will understand your problem more quickly. If you don’t believe me, try reading this text out loud, instead of reading it “normally”. You can measure the time over a few paragraphs and compare.
  • Everything you write and everything tech. support replies stay written, in a chronological order. This makes troubleshooting much easier and avoids many misunderstandings.
  • No one knows everything, but there’s always someone who knows. Technical support engineer can easily and quickly ask a colleague, or several colleagues to take a look at the ticket number #0953549 and give advice, or solve the problem. Much more efficient than describing it all over and over again.
  • Finally, if there are 10 problems such that 9 take 1 minute to solve, while the 10th takes 30 minutes, tickets allow quick resolving of the problems so that only the client with the 30-minute problem needs to wait longer (39 minutes in this example).
    Imagine phone support and that the 30-minute problem gets reported first! This would mean that all the 10 clients would wait for over 30 minutes.
    More phone lines? Sure, but that requires more people employed with technical support, which means more expenses, so clients end up paying (i would say needlessly) more.

Now, there are hosting providers who offer telephone support, or at least live chat. In order to cut costs to a reasonable amount, hosting providers will not hire experienced engineers to answer the phone/chat. They will hire “novices”, working for smaller pay (1st level tech. support). So you will get a quick reply, but the reply will often be “thank you, we are looking into it”. In case the problem is more complicated, 1st level support will still have to relay it to a more experienced colleague. Which takes more time.

Do you want to chat for 20 minutes, or wait 10 minutes for a ticket reply, but have that reply be: “it’s solved, let us know if you have any other problems”?

If you are interested, I wrote a longer post about hosting provider technical support.


3. Conclusion

Finding a good hosting that works for you is not very easy. If the budget is “tight”, it is next to impossible. Even if it sounds like bragging, I recommend starting from my list of recommended hosting providers. Write down all the problems, everything you don’t like, explore, listen to feedback from people you trust and search on (if you don’t like the above recommended).

And definitely make backups and be prepared to migrate your site in case even a good hosting provider changes policy and becomes bad for you.

Useful resources:

Share...

Leave a Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.