Hosting your website on a shared server is the most economic option by a long shot. Even the most expensive shared hosting plans pale in comparison with the fees for dedicated or virtual private servers.
However, the relatively low cost comes with limited possibilities to control the environment in which your site would reside. Consequently, this fact, combined with the very nature of the shared servers, increases the risks your web content faces.
Let’s examine the most common dangers and limitations shared web hosting inevitably brings along.
Shared hosting happens on a server, which supports multiple websites owned by different owners. Depending on the server size and capacity, it could host from a few hundred to a few thousand sites. All these websites share the same server space and computing resources.
This is the very reason why webmasters have quite limited access and control over the environment the site uses. From security standpoint, it is impossible to delegate full – or root – access to the server to each and every site owner. Root access means complete and total control over everything that happens on the server. All hosted websites, security settings, space allocation, installed protocols and extensions, etc., could be altered.
You can imagine how quickly a few hundred users with such absolute power would make anarchy reign supreme.
What is more, very few people have the necessary knowledge and experience to handle a server properly. Such individuals are called server or system administrators and usually are employed by the hosting providers to set servers up and manage them.
Now, the limited access for the individual site owners means that certain features of various programming languages cannot be installed at will. In many cases, upgrading versions of PHP or changing its default parameters can be done only by the support staff of the hosting provider. More often than not, installing extensions and libraries for various m languages cannot happen either without the help of the support staff. Sometimes, because of the server setup, it might be impossible to run some features at all, which could hamper the desired functionality of the website.
The proper enforcement of limited access is direly needed, though. For security reasons.
Which brings us to the risks shared hosting environment has inherently.
First off, all security settings on the server are made by the system administrators. This is not necessary a bad thing, especially when they know what they are doing. Setting up the server firewall properly is not an easy task. Securing the network of the hosting provider without undermining its performance is another tough cookie. Providing a reliable DDoS defense is even harder, for the Distributed Denial of Service attacks are becoming more and more powerful lately.
One thing weakening by default the security of a shared environment is the presence of hundreds of sites on a single server. However well they might be isolated from each other by the server configuration, if one website is compromised and something malicious is installed on its space, the risk of the infection spreading should not be underestimated. That’s why it is crucial to have a powerful tool monitoring the activity on all sites on any given server, shutting down and quarantining anything suspicious right away.
These elements could be considered standard and must-have for all hosting companies. While they have relatively small impact on the end-user experience, there are a few others, which matter much more for day-to-day operations.
The limited access discussed previously also restrains the range of executable commands, as they are quite potent. Used properly, they can make the job of a webmaster easy and smooth. Used with malevolent intent, they can grant access to server or network settings and wreak havoc.
Providing an encrypted way to upload changes to the hosted sites is also helpful in enhancing security. Secure FTP and shell access do the trick.
Educating the end users about basic security practice helps along the way too. By using complicated passwords, by changing them frequently and by keeping the Content Management Systems (CRMs) up-to-date, the hosting world would become a better, much safer place. If only…
These security concerns are common for mostly all shared hosting providers. Some address them better than others, but what else can the end user do to feel more secure?
The best practice on personal level is to back up your website regularly. Even though many web hosting companies make daily backups, it is a good habit to create local copies as well. Store the files of your site and its database on your computer and, ideally, elsewhere because PCs and Macs do get infected with nasty software too.
It is true that shared hosting takes away some of the control out of your hands, but ways to achieve what is best for your website always exist. For specific operations and upgrades, the support staff of the hosting provider is your best friend. And by updating your passwords and site-related software frequently, and by making regular backups you can enhance the security of your website manyfold.