What Is Secure Hosting?
Security is an important concern when looking at a web hosting plan. But there's no single feature that makes one hosting platform more secure than any other.
Rather, a constellation of individual factors contribute to overall web hosting security.
Most web hosting companies are engaging in at least a few of the standard security practices, but that doesn't tell you how secure they are compared to competitors.
It's important to look at a number of different security measures that you and your hosting company might take to keep your site secure.
Common Hosting Security Features
So, what types of features would make a host more secure?
The most common hosting security features include:
- DDoS Protection
- Virus Protection
- Security Protection
- Spam Filter
- SSL Security Certificate
- Domain Name Privacy.
Below, we look at what the most popular hosting security features are, what they protect your site from, and how they work.
You may have experience with firewalls on your local computer: it's software that stops users from accessing certain types of content or specific websites.
Web server firewalls are similar but in reverse.
What Is a Firewall?
A firewall is a piece of software that filters request activity before it reaches the webserver.
Firewalls block requests based on a number of different factors.
IP-address blacklists are the most common type of filtering, blocking connections from known offenders.
Most web hosting companies have some kind of firewall.
Often, the firewall is shared by many customers, so requests blocked from accessing your system would likewise be blocked from accessing another site.
This is especially true for shared hosting plans.
What Is a Dedicated Firewall?
Some hosting companies offer something called "Dedicated Firewall" as a service.
This allows for specific rules to be made concerning who is (and isn't) blocked from accessing your website.
This is usually not needed, but it can be if you process especially sensitive information.
For example, white lists from sites sharing the same firewall can be a potential attack vector.
DDoS, or Distributed Denial of Service, is a type of attack where thousands of requests are sent to a website all at once, overloading its ability to process them and effectively shutting the site down.
Who Launches DDoS Attacks?
DDoS attacks are usually automated and the request volume comes from a distributed network of (usually hijacked)computers.
DDoS attacks have been launched by:
- Online activist groups
- Organized crime rings
- Government agencies.
What Is DDoS Protection?
DDoS protection requires a number of related tactics, the core of which involves analyzing DDoS activity so that requests related to the DDoS are blocked while legitimate traffic is still able to get through.
Many web hosting companies, and even several CDNs (Content Delivery Networks), have some kind of DDoS protection.
There are a number of computer viruses live on the open web, and they can seriously compromise your sensitive data and your operational integrity.
A secure web hosting platform must include a robust anti-virus system that is updated regularly and consistently monitored.
What to Look for in Anti-Virus Protection
This security system must not only protect the datacenter where your website is hosted but have back-end protection for each individual site as well.
The datacenter protection protocols differ on a host-by-host basis, but on a server level you'll want to look for bundled software like Sitelock, Incapsula, or even Cloudflare CDN integration.
No matter how secure your web hosting plan, there is almost always some possibility of an attack.
No system is fully immune.
For this reason, especially sensitive data should be protected with live security monitoring.
This means that a computer system is constantly analyzing traffic and activity, and will report to a live human if any anomalies show up.
The site manager can then quickly deal with the problem if there is one.
HTTPS / SSL Security Certificates
If you are asking for users to enter sensitive information, or are showing sensitive information to your users, you need to make sure that your plan has an SSL Security Certificate, which allows it to work in HTTPS mode.
Google considers SSL to be good practice for all sites and as of 2018, Google Chrome began marking sites without SSL as "unsafe."
HTTPS creates a secure, encrypted communication channel between the user and the website, protecting from data like credit card and Social Security numbers.
Email Spam Filtering
Email spam doesn't comprise a significant threat to site security, although a massive influx of emails could potentially cause the same problem as a DDoS attack.
Email spam filtering is a second layer of security, the kind of protection you use to make your experience more pleasant - it protects more than your website.
Anti-spam protection is the most common form of email account security and will help you in more ways than just stopping the onslaught of spam emails.
For example, spam filtering can help keep email storage costs down, it'll decrease the chances of you missing an important email, and can help prevent negative backlash on your reputation.
Domain Name Privacy
When you purchase a domain name, your name, address, and other contact information becomes available for anyone who wishes to have it - unless you purchase domain name privacy. This type of protection, often offered through your host, keeps your information private.
Similar to email spam filtering, domain name privacy is more about protecting you than your server.
However, depending on the nature of your business, this might be an important consideration.
Are Certain Types of Hosting More Secure Than Others?
When looking for the perfect secure hosting environment, you've undoubtedly come across a variety of different options: dedicated, managed hosting, VPS, shared hosting, WordPress hosting, e-commerce hosting.
The hosting environment you choose will have a direct impact on your overall security.
Adding Security Features
Most hosting environments can be improved by adding firewalls, installing site-wide apps, or installing additional software.
But, some styles of hosting will be much more secure right out of the box, as we explore below.
Shared vs Dedicated Hosting
Shared hosting will probably be the least secure type of hosting, since you'll be sharing a server with dozens or hundreds of other sites. But, this depends on the security protocols of your shared host.
For example, some shared hosts employ 24/7 server monitoring, encryption, spam protection, and even offer integrated CDNs.
All of this will help to improve the security of your site without much additional effort on your end.
If you need to protect your website from censorship or certain types of regulation, an offshore web hosting company may provide security against lawsuits, take-down notices, and other types of government intrusion.
Is Managed Hosting More Secure?
Managed hosting environments tend to have a higher level of security as there are fewer sites using server resources, and site-specific security measures can be put in place. For example, if you're using a WordPress managed host then your server environment will be uniquely configured to protecting the WordPress CMS, and the support team behind you will have in-depth technical knowledge related to the platform you're using.
With managed hosting, some hosts also take responsibility for keeping your site up to date, which can plug common security risks.
Use Good Software and Keep It Updated
The most secure hosting environment in the world will not keep you safe if you use software with exploitable security bugs in it.
Using well-respected software, and keeping it updated as new versions are released, will help protect your site against a number of malicious attacks.
Security for E-Commerce Sites
Generally, an e-commerce host environment should have higher security standards in place as you'll need additional levels of protection for collecting and storing sensitive customer data, like credit card information.
Some security features of e-commerce hosts include:
- Bundled SSL certificate
- PCI-compliant payment processor
- DDoS protection
- Regular backups
- Server and sitewide firewalls.
Server environments like dedicated and VPS hosting can either be more or less secure depending on the user.
Without the proper system admin knowledge, you run the risk of creating a much less secure hosting environment.
You do have the added benefit of being the only site using the current server resources, but, again, this will depend on your ability to make the most of this environment.
Should I Choose VPS or Dedicated Servers?
Using shared hosting opens up your site to a possible security risk, because an attack on any other sites on the same server could have repercussions for your site.
Hosting companies go to a lot of trouble to make sure this does not happen, but it is still inherently safer to use a VPS (Virtual Private Server) or a Dedicated server than sharing a server with dozens or hundreds of other websites.
As an added bonus, going with a VPS or dedicated server will offer much more disk space, so you can grow your site as you see fit.
What Should I Look for in a Secure Host?
Keeping all of the above information in mind will help you get started finding the right secure host for your needs.
Here is a list of features to keep in mind when looking for a secure host:
- An included SSL certificate, or the option to purchase one easily
- The ability to process secure credit card payments
- Two-factor authentication to protect website and server logins
- The option to upgrade to a more secure managed hosting environment
- Inclusion of the SiteLock security tool that scans for malware and vulnerabilities
- Email anti-spam protection included
- Bundled automated backups and system restore points
- Regular network monitoring for unusual site traffic activity
- Ability to assign user permissions on a site and server level.
Top 3 Secure Hosts
It's easy for a web hosting company to claim that they are "secure," because that word doesn't have a clearly-defined technical meaning.
This can make it difficult to choose a secure host.
The three below are a few of our favorite options for those looking for a safer, more secure host.
With a managed host your host will manage every element of your server environment, including your security. LiquidWeb provides some of the most secure managed hosting out there. With 100% uptime and a top-notch development team behind you, security isn't something you'll have to worry about.
If you're in the market for a dedicated host, then InMotion is one of the top options to consider.
It boasts incredible security features including two-factor authentication, a security adviser that offers security recommendations, auto-updates and DDoS protection, plus integration with many popular security plugins.
If the options above are a little to feature-rich or pricey for your needs, then maybe all you need is a shared host. Bluehost can offer you an incredibly secure hosting environment.
This host offers you competitive hosting packages with security features like automatic updates, regular malware scans, and account isolation features to protect sites running on the same server.
Other features in Specialty
- Multiple Domain hosting
- DDoS Protection
- Domain Name
- Streaming Audio/Video
- Green Hosting
- Unlimited Sites
Security Frequently Asked Questions
- What is secure hosting?
Secure hosting is an approach to web hosting with a focus on keeping a website and its visitors safe from cyber attacks. At the most basic, a secure host will provide security for its physical servers.
Beyond that, it will provide security against online attacks like DDoS. It also provides protection like SSL certificates that encrypt information flowing from the web site to its users.
- Is shared hosting secure?
Shared hosting can be secure. The same things that make VPS or dedicated hosting secure apply to shared hosting. However, shared hosting comes with specific security threats because of shared configuration.
There is also the potential for security failures on other sites affecting you. If you want the most secure hosting, you are best to go with a VPS or similar plan.
- Which hosting provider is the best?
Every web host offers different advantages and disadvantages. When it comes to security, it matters what you want to do. Overall, we recommend SiteGround. However, WP Engine is an excellent choice if you run a WordPress site. And if you are looking for environmentally-friendly hosting, GreenGeeks is an excellent choice.
- How do I install an SSL certificate?
Some web hosts that provide SSL certificates require you to install them via your control panel. This is normally easy-to-do with a point-and-click interface. Contact your host's customer support team if you have questions.
If you wish to use a Let's Encrypt SSL certificate that isn't integrated with your hosting, follow the instructions provided by them.
- Is Linux more secure than Windows?
At one time, Windows computers were less secure than Unix machines like Linux and FreeBSD. That's not really true anymore, especially when it comes to Windows server operating systems. There are still many reasons why you might choose one operating system over another, but you should be able to get good security with either.
- Is GoDaddy hosting secure?
GoDaddy is a trusted hosting industry leader that features 24/7 security and DDoS protection. Since they provide low-cost hosting, many security features (like SSL certificates) are hosting add-ons.
If security is a big issue for you, GoDaddy should be able to provide you with the tools you need.