In the last post from our planned series of five articles about “What makes a website vulnerable” we shall share with you some important information about the security risks raised by a shared hosting server and differences between shared hosting and cloud hosting.
A shared hosting may seem a tempting idea especially for small businesses and those at the beginning of their road because is more cost-effective than other solutions. However, let’s see together why shared hosting may ultimately cost you way more than other hosting solutions.
How a shared hosting server works? Well, the answer is quite simple: a web hosting company builds a server on which it hosts multiple websites. Therefore, all these websites shall use the same resources of the single server. Two main problems usually arise from using a shared hosting:
1. The speed and performance of your website may be affected by the existence of tons of websites hosted on that single server;
In case of websites with high traffic, high volume you may want to reconsider the shared hosting solution.
2. It has some security limitations.
The websites share the resources (processor and memory) of a single server, including the security weaknesses. You may say that your website’s security level is the same as the security level of the weakest website hosted on that server. This can become quite frustrating as all your efforts to update your software, plugins and overall, to take all the necessary measures to keep your website safe may be canceled by the mess and lack of security measures of other websites on the server.
Everyone should build their online businesses having security in mind, so, when choosing shared hosting take in consideration that:
- you will share your IP address with the other accounts on the server, becoming a tempting target for web attacks, especially DDoS attacks and other information-based attacks. For example, after a website is targeted by the attacker, the other websites on the server may be easily discovered by reverse IP lookup;
- if hackers gain access to one website on the server, they will also gain access to the other websites and, in some cases, they can even analyze the CMS (Content Management System). Once the access to CMS is obtained, there are several vulnerability scanners that may help the attacker to quickly gather information about the running plugins and themes on the website as well as the stored usernames. We already explained in our previous article that plugins and themes have the ability to become malicious, so their security should not be underestimated;
- a malicious third party can provide authentic details and purchase the host from the hosting provider. Afterwards, it may disturb the service of the server or it may access the other websites on the server and use malicious data to harm them;
- you will not have access to PHP and Apache configuration of the server; therefore, you will not be able to implement measures for strengthening the server’s security. In this case you should check if the hosting provider has implemented certain security patches, such as Rack911 Patch, Bluehost Patch etc. as in case of Apache servers the attacker usually uses the symlink route to see the directories of any user on the server.
Cloud hosting, unlike shared hosting, is a service that exists on multiple servers. In this case, your website shall not be hosted on a single server (together with other websites), but shall be hosted on a cluster of servers. In other words, your website shall not share the resources of the same server with other websites, but shall be the beneficiary of multiple servers’ resources. Moreover, the cloud hosting has the capacity to adjust to traffic and performance by migrating your website from one server to another server.
Even though more expensive than shared hosting, the cloud hosting may be a better solution for an ecommerce business, as it offers:
- easy scalability – using the resources of multiple servers, it shall be prepared to meet the requirements of a business increases in terms of web traffic;
- faster page load time;
- storage space – especially for those who want to build applications for the clients;
- recovery of the lost data;
- better security than some shared hosting, as it has four major controls (deterrent, preventative, detective and corrective control). Also, it has incorporated encrypted algorithms to protect privacy and data.
As cloud hosting grants great advantages, for those decided to make the transition to cloud technology, we will present in our next article specific security threats and measures for this technology.