The Inherent Risks of Shared Web Hosting
The internet is teeming with sites hosted on shared servers. Known for their low price and ease of use, shared hosting plans are attractive for millions of website owners.
Having hundreds of domains hosted on a single server brings along several inherent risks and drawbacks. It is important to study and understand them in order to mitigate the impact on security and performance they might have on your website.
All security issues discussed below are quite common across the board.
To begin with, setting up a web server for a few hundred or a few thousand users is a tricky business. The challenge to secure the hosting environment from within and without is a mighty big one. A fine balance between functionality and security must be struck, so that all sites function smoothly, without being exposed to too much danger.
Sadly, sometimes all it takes is one careless user. Someone who has neglected to secure properly his or her website can become an easy prey. Hackers normally seek the weakest point of access, and if malicious software is installed on a single site, the chances of it spreading throughout the server increase dramatically.
That’s why it is crucial for the web hosting provider to deploy powerful protective mechanisms, which monitor all activity on all the servers at all times. These systems should be able to contain, analyze and eventually exterminate any source of suspicious activity.
Another line of defense is the server firewall. It must be set to allow normal traffic and block questionable connectivity attempts. Again, the sheer number of site owners, who must be permitted to connect via FTP and other protocols, makes this an arduous task. Providing the end users with the means for encrypted connections via Secure FTP or shell access reduces the danger by some margin.
Still, enabling the possibility for multiple simultaneous connections to the server makes it more vulnerable to Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks.
Speaking of DDoS, if one site is targeted by such attack, all websites hosted on the same server would either become inaccessible or incredibly slow. Attacks of this type flood the network with requests from innumerous sources, eating up all its bandwidth. As a result, all lines of communication to and fro the assaulted server are clogged, overwhelmed by useless traffic and the server stops responding to other harmless queries.
DDoS attacks are one of the biggest online threats in existence. Hosting providers must have a very well structured, flexible and powerful network, as well as a strong firewall to defend the entire infrastructure from such potent assaults.
Unfortunately, there is one common practice nowadays, which compounds this vulnerability: utilizing a handful of IP addresses for an entire server. Because of the global shortage of IPv4 addresses, reserving as few as possible for a server has become the industry standard. Should one address get attacked, all domain names hosted behind it would suffer too.
A shared IP address could undermine your website in other ways too, if another web page behind it conducts illegal or semi-legal activity. Chances are that said page would be eventually blocked or blacklisted by search engines, which would also compromise the reputation of the IP address itself. Effectively, this would compromise the reputation of your website too in front of the search engine algorithms.
Even if the server your site resides upon has multiple IP addresses and all other site owners steer clear from shady practices, the very presence of other websites could be detrimental. Most of the security issues mentioned above can be addressed to a great extent, but this one is much harder to predict.
Shared hosting means that a single server maintains the functionality of multiple websites. All resources like physical memory, RAM, and processing power are distributed among the hosted web pages. If one of them, for whatever reason, begins to utilize a great deal of these limited resources, all other sites would slow down.
Detrimental behavior like this cannot really be foreseen. It could be caused by a high volume of visitors, malfunctioning piece of code, defective plugin, scheduled cron jobs, backups of the site, etc. Proper server setup offsets such occurrences to a degree, but they cannot be avoided entirely.
After all these gloomy scenarios you might be wondering why on Earth anyone would decide to host their website in a shared environment. The main reasons are two: it is very affordable and requires virtually no technical knowledge. Either of the other two popular options, Virtual Private Servers (VPN) or dedicated servers, is quite expensive and needs skillful system administration.
Shared hosting plans are tailored for small and medium websites. Unless you are running a huge store or, say, an online casino, getting a VPN or an entire dedicated server is a serious overkill.
Besides, not all things with shared hosting are bad and beyond your control. Mostly all respectable companies have found ways to deal with the threats described here, reducing the risks manifold. It is in their best interest to do so.
More importantly, there are a few things you can do yourself to increase the levels of protection and performance of your website. For the latter, make sure that the site is as optimized as it gets. GZIP compression, limited or no redirections and optimized images are a few of the most common practices to achieve faster loading speed and reduced server utilization.
You can consult with the technical support team of your host about all standard optimization practices they might have.
There are also four steps to make your site reallysafe:
- change your access passwords for the site itself and for your hosting account frequently, and make sure they are secure;
- do not access the website via FTP, SFTP or shell from public locations and networks;
- if you use any sort of a Content Management System (CRM) like WordPress or Drupal, always update to the latest version available;
- do not rely solely on the hosting provider’s backups and regularly back up your site and its database locally on your personal computer and even on an external drive, if possible.
The first three measures should be sufficient to keep you out of harm’s way. If all else fails, your local backups would be there to save the day.
A completely risk-free hosting solution does not exist, but with a bit of diligence and effort you can minimize the danger and ensure the integrity of your data for good.
Shared hosting plans are the most popular solution for small to medium websites across the globe.
They are very affordable and easy to use, but sharing the resources of a single server with hundreds of other users inevitably leads to increased risks. Greater vulnerability to malicious activities and compromised site performance are among the most common dangers.
Find out which other threats are lurking out there and how the hosting providers deal with them.