14 Web Hosting Security Best Practices (2017) — Top Hosts & Servers

When we think about website security, the highly publicized breaches of major companies come to mind. Multimillion-dollar security leaks involving exposed credit card information, login credentials, and other valuable data are covered extensively by the media, leaving one to believe only large-scale businesses are susceptible to online security risks

Don’t be fooled. Security standards are vital to the well-being of any website, large or small. That’s why site owners are often bombarded by warnings of security risks in tandem with the sales pitches of many hosting providers. How do you separate the sales hype from the real risks?

Education is the first step to protecting your online brand. Here, I’ll cover some best practices to follow in your website management operations, as well as some key security features to look for in a prospective web hosting company.

Web Host Security Features to Look for

Most of us will use a hosting provider and select one of their plans. The services fall on a spectrum ranging from shared hosting to dedicated server hosting. The hosting provider will take care of many security measures, but, depending on the plan you select, you should ask questions to learn exactly which features the company provides and what you need to do.

1. Backups and Restore Points

People often overlook backups as an element of security. Backups both provide and require security. Backups must be kept in a secure location away from the main server, following the other security steps we will outline. A secure backup provides a trusted repository for the latest copies of the system and data that can be deployed to restore a known, clean system to operation.

Redundant website backups is a mission-critical security feature we look for when conducting host reviews.

It is important to ask about a hosting company’s backup schedule and restore policies. For example, how frequently are backups conducted — weekly, monthly, or daily? Will the support reps help you restore your site from backup files, or are the backups intended for their use only? Will the team find and restore lost or corrupted files or will they only do a complete replacement from a recent backup? Will the hosting service only use the most recent backup or can you request restores from further back in time, and if that’s the case, how far back in time can you go?

2. Network Monitoring

Does the host provider monitor the internal network for intrusions and unusual activity? Diligent monitoring can stop server-to-server spread of malware before it gets to the server hosting your site. Ask for some details on how the support team monitors the network, whether the staff is dedicated to this function, and what the engineers look for. SolarWinds’s guide to network monitoring best practices details several procedures and policies that any good network management team should follow.

3. SSL, Firewalls, and DDoS Prevention

Distributed-Denial-of-Service (DDoS) attacks happen when an overwhelming amount of traffic is sent to your site, rendering it useless to visitors. Prevention starts at the edge of the network with a good firewall. However, there are limits to how well a firewall stops DDoS attacks.

Can your provider give you some sense of what intrusions the company’s firewalls are likely to stop and what other measures the security team employs? If you have a plan in which you manage your own server, you will need to know how to augment what the hosting service provides. At what stage will the network monitoring folks inform plan owners of potential problems that might affect their site?

Does the provider make SSL certificates available? It will be your responsibility to implement SSL, but you can’t if it is not available. We’ll get back to this in section 12.

4. Antivirus and Malware Scanning and/or Removal

You should understand which protective actions your hosting provider will perform and what you must do on your own to protect your website. Does the support team run scans on the files in your account, and can you see the reports? If your account becomes infected, does the support plan include help in identifying and removing the malware? The server security steps we describe starting with step 6 will take you a long way toward keeping malware off your website.

5. High Availability and Disaster Recovery

Look for a hosting company that will keep your site running with 99.9% uptime or better. This goes beyond file-level backups. Is a bare-metal image available for your server? This is a complete copy of a clean, functioning server operating system for a speedy recovery from system failures.

The host’s network should have redundant hardware to guard against downtime caused by hardware failures. Firewalls can be configured to run in pairs, with each one ready to take over the full load in case the other one fails. The same concept extends to servers. Hardware failover is an important component of high-availability networks.

Your host should not only protect your site with threat mitigation but be there to help you recover when disaster strikes.

Load balancing is another high-availability feature. In this case, multiple servers are ready to handle server traffic. They all work with the same copy of your website data stored on a network shared drive and hand off traffic to each other so that no one server becomes overburdened.

Server Security Best Practices

If you have a plan that provides a server without management support, you may have to do some or all of this on your own. If your plan does include some degree of hardware and/or software management support, the following will give you an idea of which questions to ask or what the support people are talking about.

6. Access and User Permissions

At the host level, access means physical access to the machines, as well as the ability to log into the server. Physical access should be limited to trained technicians with security clearance.

You and your host company should use Secure Socket Shell (SSH), or equivalent, to log into the server to maintain the operating system (OS) or the website. For extra security, use RSA keys protected by a passphrase. Digital Ocean and Rackspace both have tutorials on how to do this.

Another good security step is to whitelist IPs that are allowed to access the server for maintenance. This can be done and modified through the hosting company’s control panel provided for your account. You should also disable logins from the user root. Malicious players will commonly attempt to exploit this access point because the root user has full administrative privileges. You can always give equivalent permission to authorized admin logins.

Files are protected by file permissions. Incorrect permissions cause time-consuming errors, and it is tempting to fix these errors by granting full permissions to all files. Don’t do this. It gives any criminal hacker full control of your system if they get in. Sucuri’s guide to website security includes a primer on correct file permissions.

7. File Management

All access to your server is remote. No one will go to the server to add, remove, or move website content files. You should use secure FTP (SFTP) with a secure and robust password for all file transfer and maintenance while also following other FTP and SFTP best practices.

8. Applications and Logins

The hosting company should have a strict password policy for employees with mandatory password changes at regular intervals as well as when equipment or personnel changes. You should have similar policies for your server access passwords. Establish and enforce policies for strong passwords. Those who want to can exploit weak passwords within hours.

Remove any unused, unmaintained apps on the server so no one can exploit unpatched vulnerabilities. Install — and maintain — utilities that monitor the server CPU, disk use, memory use, and application uptime.

The databases on your server are potentially vulnerable targets for online criminals. UC Berkeley provides a guide to hardening databases against attacks.

Coding and Website Security Best Practices

The security of your website software and data files is your responsibility, even with a managed hosting plan. As a webmaster, you are responsible for managing your content and your site’s functionality. The hosting company does not know what you want on the site or how you want it to function for your site visitors.

9. Passwords and User Access

At the website level, you will have passwords for people who administer the site, guest authors, and potentially website visitors, depending on the nature of the site. Establish and enforce password strength policies for everyone who has backend access.

Enforce password strength policies and require site admins and contributors to update their credentials regularly.

Admin staff and guest authors will need a stronger password because their accounts have potentially greater impact on your site. Enforce changes after any suspected hacking attempt or when updating the content management system (CMS) or other software. The info@yourdomain.com address/username is commonly attacked and should not be used. Use secure password managers to generate unique complex passwords.

Each account holder should have the fewest privileges needed to do their job. For example, never give admin privileges to a guest author. Your CMS should have a level of privileges that allows them to upload and edit their post and nothing more. Each person should have his or her own login so they are held responsible for all changes made by that account. High-level admins can monitor the activity of all accounts.

Never allow unrestricted file uploads. Limit uploads to the types of files your users will really need to upload, and exclude scripts or other executable code. An uploaded executable file coupled with poor file access settings will give an intruder instant control of your website.

Your server config files include settings that restrict access to your files, such as browsing directories, and protect folders containing sensitive information. See the OS-specific section for more details.

10. Plugins, Software Updates, and Backups

Always keep your CMS and software updated. Latest versions are patched to fix all known security holes. Change any default settings, such as the admin login name, that individuals can find and use to break in.

When installing plugins and other software, consider the code’s age or the date of its last update, as well as the number of installs. These metrics give you an idea of the safety and reliability of the product. If it is inactive, it probably has not been vetted for security holes. Be wary of the source of the download for this software. Third-party sites may have added malware to the package.

Your website content is not secure until you have automatic, frequent, and redundant backups conducted. The backups should be stored apart from your main server. The idea is to protect your content against said server’s potential failure. A backup that is on the server will often fail along with the server, depending on the nature of the disaster. The backups should happen frequently enough to capture changing and new content, and they should happen without needing someone to remember to start them each time. Test the backups to be sure that the system is working. Check these critical website best practices for more ways to develop a sound backup strategy.

If you have custom themes, plugins, or similar software, it is a good idea to keep fresh copies of the install files. If they have malfunctioned or been compromised, that problem will be saved on the backup. The install files ensure you can get back to a pristine working copy.

Keep in mind that a backup gets your site back in a hurry, but it does not fix the underlying problem that crashed it. For example, if someone used an exploit to penetrate your site, that vulnerability still exists in the backup copy and needs to be fixed right away.

11. Code Reviews

A code review is an in-depth check of an application after development is complete and it is ready to be released. This is best done with a mix of automated tools and human inspection. The review is conducted in the full context of using the app — from login and authentication to data processing, encryption, and storage.

Code reviews and QA should be a non-negotiable part of your development workflow.

Be wary of SQL (Structured Query Language) deviously inserted into your website files by a third party. SQL injection is a method in which an attacker responds to an input request, such as username, with a valid SQL command. These commands can access data or delete it. Microsoft’s guide to SQL injection describes the attacks in detail and suggests ways to mitigate the risk such as with the use of session variables.

12. Encryption, Firewalls, and DDoS Protection

A web application firewall (WAF) monitors HTTP traffic to and from specific web applications. This provides more specific security than a network firewall, which does monitor HTTP, but does not understand the specific requirements of a web application. A WAF can be configured to prevent SQL injections as well as other techniques such as cross-site scripting and probing for vulnerabilities.

Although DDoS prevention should be enacted at the network level, attackers may use one or a combination of several methods to flood your servers, and site owners must respond and protect themselves accordingly. Several noteworthy security leaders, including Cloudflare and Incapsula, offer advanced mitigation and prevention tools and services that can be employed to help keep sites safe.

Finally, SSL (secure sockets layer) technology is required when sensitive data is transferred to and from the server. An SSL certificate does not secure your server from attacks or malware, but rather encrypts and secures communication between your server and the person using your site. By using SSL, you are securing your customer’s information and keeping their trust in your site.

Operating System Security Best Practices

Some of the measures that you take will depend on the operating system of your server. Web servers run either on Linux/Unix or on Windows. You usually choose this when you choose the hosting plan.

13. Linux and Unix-Based OS

The server config file on Linux servers is called .htaccess. You can set rules in this file that prevent directory browsing and other activities that could expose sensitive information or open the server to other vulnerabilities.

Although the PHP (hypertext preprocessor) language is more available and convenient, there are risks to using it on these servers. These OSes have a permission called executable, which means the file can execute code. It is important to limit executable commands when using PHP. This is where a code review is beneficial.

In general, Linux/Unix OSes have fewer known threats and a faster response. SELinux and AppARMOR are two security extensions that are used with these servers.

14. Windows OS

Windows servers have user privileges, such as executable, limited by default, and admins must enter passwords to gain high-level permissions. Security measures are guided by the Security Compliance Manager function on these servers. The config file where access restrictions are set is web.config. Microsoft provides a guide to security best practices. Although there are more known security holes with the Windows OS, trained Microsoft programmers patch flaws and release updates and are available to respond to incidents.

10 Providers with the Best Hosting Security Standards in Place

Our staff members at HostingAdvice.com have reviewed various levels of hosting plans to find the best providers out there. Here are our recommendations sorted by the type of hosting plan.

Most Secure Overall: #1 Managed Hosting Provider

Managed hosting means your host handles the hardware while you manage your website content and software. This type of premium hosting service minimizes the amount of hands-on IT work your team is responsible for, and the burden of security maintenance — at least from a server infrastructure and operating system point of view — is predominantly placed on your hosting company’s shoulders. And while there are several levels of management available depending on the provider and plan you choose, we find managed web hosting to be your best bet for hassle-free, secure web hosting. See our expert-rated pick for managed hosting services below:

MANAGED RATING
★★★★★ 4.9/5.0
  • Choice of self-, semi-, or fully managed services
  • Enterprise-grade Intel hardware
  • Linux or Windows operating system
(read more)
Starting Price/Mo. $79.00
Money Back Guarantee N/A
Disk Space 211 GB - 1,775 GB SSD
Domain Name New or Transfer
Managed Hosting Plans www.liquidweb.com/managed
Our Expert's Liquid Web Review
Liquid Web's strong suit is their managed dedicated server hosting. They own and operate three state-of-the-art datacenters in the US and have over 50 developers working tirelessly to build and maintain custom solutions for added performance and... read more + Liquid Web's strong suit is their managed dedicated server hosting. They own and operate three state-of-the-art datacenters in the US and have over 50 developers working tirelessly to build and maintain custom solutions for added performance and security.Fully, Core-, or Self-Managed — Plus Storm® ServersLiquid Web offers single, dual, and quad processor servers with fully, core-, or self-managed plans. All dedicated server customers reap the benefits and support of the Heroic Support® team and the 24/7 protection of the Sonar Monitoring™ team.Redundantly Built, Multi-Tiered NetworkFeaturing top-of-the-line Cisco equipment, the Liquid Web N+1 network is redundantly built to allow routing devices to quickly self-heal. They're designed to bounce back and correct system failures without interrupting the customer's connection. With the integration of premier providers, Level 3, Verizon, Comcast, Cogent, and Equinix, the Liquid Web network is optimized for rapid and fault-resistant performance.Highly Available Sites with the Tech of 50+ DevelopersLiquid Web boasted an incredible 99.995% uptime rate in 2014, a bragging right that's helped shape their reputation for performance. With the maintenance of 50+ developers, the Liquid Web infrastructure is engineered to evade and survive typical site disasters.24/7 Proactive Protection from the Sonar Monitoring™ & Heroic Support® TeamsShould disaster strike, the Sonar Monitoring™ team is trained to catch the issue first, performing system-level health checks and patches 24/7, so they can hopefully have it handled before you're even aware of the situation. Meanwhile, the Heroic Support® team of 300+ experts is available anytime to help with any troubleshooting need.Storm® Servers & Add-OnsFor the dev nerds out there, one of our favorite facets of Liquid Web as a hosting provider is the commitment to in-house-built technology. All of their team members' experience and expertise becomes very evident once you check out their custom Storm® Platform.All the Power Plus All the FlexibilityIf you're in need of dedicated resources, drawn to the customization of the Cloud, and know you need screaming fast performance, the Storm® Dedicated Server may be your solution. These custom server systems allow for cloud-like flexibility that traditional dedicated servers aren't capable of, like instant provisioning and automatic migrations.Added Extras Make the Dedicated Cost a Done DealThe Liquid Web development team is constantly coming up with new Storm® Add-Ons, like Load Balancers, Block Storage, Object Storage, and a VPN. Think you can't afford such full-featured and flexible hardware? Think again. With pricing starting around $110/month, the Storm® Platform is great for the cost-conscious dedicated server shopper.Liquid Web Dedicated Servers in ReviewIf you want feature-rich dedicated resources and relentlessly reliable technical support, Liquid Web should be on your short list. They're known for strong managed service offerings, but the drawback to managed hosting is usually the cost. Liquid Web doesn't leave you hanging there though — in-house solutions like the Storm® Dedicated Server keep the cloud-level flexibility and performance up and the cost down. collapse info -

See more secure managed server plans »

Secure Dedicated Hosting

With a dedicated server, you are the lone customer. You have total control over — and responsibility for maintaining — your server’s hardware, software, and all-around security, although the hosting company may help with server-level operating system updates and security patches. Our leading recommendation for dedicated servers also happens to lead by example when it comes to security standards.

VPS RATING
★★★★★ 4.9/5.0
  • 50% off the first month with added discounts the first year
  • Real-time redundancy powered by a cloud infrastructure
  • FREE cPanel/WHM licenses with enterprise-grade CentOS
(read more)
Starting Price/Mo. $19.99
Money Back Guarantee 90 days
Disk Space 75 GB - 260 GB SSD
Domain Name New or Transfer
VPS Hosting Plans www.inmotionhosting.com/vps
Our Expert's InMotion Review
Boasting market-leading VPS hardware, slick management software, and free SSD drives and backups, InMotion offers the most attractive VPS plans you'll find anywhere. Each VPS plan comes with free SSD storage arranged in RAID 6,... read more +

Boasting market-leading VPS hardware, slick management software, and free SSD drives and backups, InMotion offers the most attractive VPS plans you'll find anywhere.

Each VPS plan comes with free SSD storage arranged in RAID 6, which is incredibly fast and secure. Each of their plans also come with an awesome amount of RAM for the server cost, so the speed-to-dollar ratio is high with this host.

InMotion’s VPS packages run on CentOS 6 Linux operating systems and all feature a license for cPanel. Each plan also comes with Web Hosting Management (WHM) software, making it super-easy to resell some unused server resources.

InMotion's reputation for uptime is second-to-none, with a solid track record as a large-scale VPS host and a large, friendly support team available at any time.

Lastly, InMotion has a 90-day money-back guarantee and offers a choice of datacenters, which are nice customer-centric features. Their support is top-notch and 24 hours. We highly recommend you check them out if you are looking for a VPS with great hardware and reseller options at a low price.

collapse info -
VPS RATING
★★★★★ 4.9/5.0
  • Only pay for resources you use with daily billing
  • 5TB of outgoing bandwidth and FREE incoming bandwidth
  • API access and cPanel available
(read more)
Starting Price/Mo. $29.50
Money Back Guarantee N/A
Disk Space 50 GB - 1.6 TB SSD
Domain Name FREE (1 year)
VPS Hosting Plans www.liquidweb.com/vps
Our Expert's Liquid Web Review
It's no secret by now that Liquid Web is known for best-in-class technology and reliability that exceeds expectations (from uptime to technical support). Their VPSs embody that reputation to its fullest — including a new... read more +

It's no secret by now that Liquid Web is known for best-in-class technology and reliability that exceeds expectations (from uptime to technical support). Their VPSs embody that reputation to its fullest — including a new Managed WordPress product (Hop one tab over to the WordPress Review for more info on this awesome addition.).

Perks of a Managed VPS: Support Meets Reliability

They offer a high-powered VPS solution as well as their in-house-built, cloud-based Storm® Servers, all of which are backed by their popular SLAs (service-level agreements) promising high uptime rates and highly reliable help from the Heroic Support® experts.

Better Performance with Liquid Web Virtual Servers

With high-powered SSDs and, of course, the Heroic Support® team, the VPS platform shines among the managed services offered at Liquid Web. You'll pay a bit of a premium for managed hosting, but there's a reason customers rave about the Heroic Support®, incredible SLAs, and excellent uptime rates.

SSD Power & Fully Managed Support

RAID-protected SSD storage comes standard for Liquid Web VPS users, which decreases latency and keeps your page loads fast and secure. They offer a range of management plans, as well as cPanel control and API access, so you get the perfect level of infrastructural management support for you and your site.

Cloud-Level Flexibility & Supreme Uptime

The Liquid Web VPS infrastructure was engineered with customer priorities in mind. These solutions are ideal for users that want cloud-like flexibility, such as billing by the day and custom configurations, but also seek the affordability of shared hosting. Customers can instantly provision and deploy their virtual server, easily upgrade, downgrade, clone, or resize, and only pay for the resources they use.

Award-Winning Heroic Support® & Sonar Monitoring™

Liquid Web's SLAs promise speedy response times and industry-leading performance. Their blazing fast and fault-resistant servers are backed by the round-the-clock attention of the Sonar Monitoring™ team.

Heroic Support® Team Helps Consistently Earn High Net Promoter Scores

Not only does the Heroic Promise ensure a Heroic Support® technician will get to you quickly, but their policy of Best Effort Support guarantees that they will attempt to help with any problem you encounter. That kind of customer support translates into customer loyalty, and it's a commitment that's rare and wonderful in this industry.

Sonar Monitoring™ Team Helps Yield Virtually No Downtime

In 2014 Liquid Web yielded an incredible uptime rate of 99.995%. With their wholly owned hardware being watched over and maintained by highly trained technicians, there's no reason to doubt their promise of virtually nonexistent downtime in the future.

All server statuses are watched around the clock by the Sonar Monitoring™ team, which is trained to detect system issues quickly, and ideally have problems resolved before a hiccup even shows up on your radar.

Storm® Platform, Private Cloud, & Add-Ons

In addition to a heroic army of support, Liquid Web has 50+ developers dedicated to the build-out and up-keep of custom solutions. A great example would be their Storm® Platform: an in-house innovation based on their top-of-the-line VPS infrastructure.

With automatic migrations and provisioning and easy scaling options, the Storm® Cloud Server offers all the SSD speed and custom functionality you want in an affordable, shared cloud environment. To give users even more options, Liquid Web developers are constantly working on new projects, including the latest Storm® Private Cloud functionality and their Block Storage, Object Storage, and VPN Storm® Add-Ons.

Liquid Web VPS in a Nutshell

If you want easy scaling, screaming fast speed, custom functionalities, and unparalleled support, look no further than Liquid Web for your VPS. They own all the hardware and have a rather large development team in their corner, so the technological possibilities are pretty much limitless. We'd recommend going with their custom Storm® Servers, which offer all the power, flexibility, and scaling options you'd require of a virtual or dedicated server with the affordability and ease of use of a shared hosting solution.

collapse info -
VPS RATING
★★★★★ 4.8/5.0
  • 2-4 cores and 4-16GB of RAM
  • Endorsed by the WordPress team
  • Redundant storage and optional SiteLock security
(read more)
Starting Price/Mo. $19.99
Money Back Guarantee 30 days
Disk Space 30 GB - 240 GB SSD
Domain Name FREE (1 year)
VPS Hosting Plans www.bluehost.com/vps
Our Expert's Bluehost Review
When comparing the performance versus price of VPS plans, Bluehost brings supreme value to the table. In addition to competitive pricing, they offer premium support and excellent uptime compared to other VPS options in the... read more +

When comparing the performance versus price of VPS plans, Bluehost brings supreme value to the table. In addition to competitive pricing, they offer premium support and excellent uptime compared to other VPS options in the industry. If you’ve outgrown shared hosting, or need the flexibility and security of a VPS, Bluehost is a great choice for you.

Bluehost’s virtual servers boast several benefits compared to standard shared hosting and other VPS offerings. The first is speed; Bluehost offers your choice of two or four cores and 4GB to 16GB of RAM with guaranteed resources, so you have the power you need when you need it. The second perk is security; Bluehost offers redundant storage and optional SiteLock protection to secure your data.

For those new to VPS hosting who may not know exactly what is needed, Bluehost makes it incredibly easy and seamless to switch between their plans to find the perfect package for you. If you have questions or need some advice, their wonderful support staff is standing by to assist 24/7.

Formed in 2003, Bluehost has long since been a hosting innovator and leader. Today, the company powers more than two million websites and carries the official seal of approval given by the WordPress.org team for their managed WordPress services hosted on their VPS platform. With years of experience, competitive pricing, and excellent support, Bluehost is a pick you can take to the bank in the VPS hosting space.

collapse info -

See more secure dedicated server plans »

Secure VPS Hosting

A virtual private server (VPS) is a virtual machine, a program running on a host computer that acts as its own entity or server. You share the host machine with other customers, but each virtual server is an independent unit under the full control of the customer.

You still get a lot of server-level control and responsibilities with the VPS route, and you’re less susceptible to the noisy neighbor issue experienced by shared hosting customers. Check out the experts’ top pick for secure virtual server hosting below:

VPS RATING
★★★★★ 4.9/5.0
  • 50% off the first month with added discounts the first year
  • Real-time redundancy powered by a cloud infrastructure
  • FREE cPanel/WHM licenses with enterprise-grade CentOS
(read more)
Starting Price/Mo. $19.99
Money Back Guarantee 90 days
Disk Space 75 GB - 260 GB SSD
Domain Name New or Transfer
VPS Hosting Plans www.inmotionhosting.com/vps
Our Expert's InMotion Review
Boasting market-leading VPS hardware, slick management software, and free SSD drives and backups, InMotion offers the most attractive VPS plans you'll find anywhere. Each VPS plan comes with free SSD storage arranged in RAID 6,... read more +

Boasting market-leading VPS hardware, slick management software, and free SSD drives and backups, InMotion offers the most attractive VPS plans you'll find anywhere.

Each VPS plan comes with free SSD storage arranged in RAID 6, which is incredibly fast and secure. Each of their plans also come with an awesome amount of RAM for the server cost, so the speed-to-dollar ratio is high with this host.

InMotion’s VPS packages run on CentOS 6 Linux operating systems and all feature a license for cPanel. Each plan also comes with Web Hosting Management (WHM) software, making it super-easy to resell some unused server resources.

InMotion's reputation for uptime is second-to-none, with a solid track record as a large-scale VPS host and a large, friendly support team available at any time.

Lastly, InMotion has a 90-day money-back guarantee and offers a choice of datacenters, which are nice customer-centric features. Their support is top-notch and 24 hours. We highly recommend you check them out if you are looking for a VPS with great hardware and reseller options at a low price.

collapse info -
VPS RATING
★★★★★ 4.9/5.0
  • Only pay for resources you use with daily billing
  • 5TB of outgoing bandwidth and FREE incoming bandwidth
  • API access and cPanel available
(read more)
Starting Price/Mo. $29.50
Money Back Guarantee N/A
Disk Space 50 GB - 1.6 TB SSD
Domain Name FREE (1 year)
VPS Hosting Plans www.liquidweb.com/vps
Our Expert's Liquid Web Review
It's no secret by now that Liquid Web is known for best-in-class technology and reliability that exceeds expectations (from uptime to technical support). Their VPSs embody that reputation to its fullest — including a new... read more +

It's no secret by now that Liquid Web is known for best-in-class technology and reliability that exceeds expectations (from uptime to technical support). Their VPSs embody that reputation to its fullest — including a new Managed WordPress product (Hop one tab over to the WordPress Review for more info on this awesome addition.).

Perks of a Managed VPS: Support Meets Reliability

They offer a high-powered VPS solution as well as their in-house-built, cloud-based Storm® Servers, all of which are backed by their popular SLAs (service-level agreements) promising high uptime rates and highly reliable help from the Heroic Support® experts.

Better Performance with Liquid Web Virtual Servers

With high-powered SSDs and, of course, the Heroic Support® team, the VPS platform shines among the managed services offered at Liquid Web. You'll pay a bit of a premium for managed hosting, but there's a reason customers rave about the Heroic Support®, incredible SLAs, and excellent uptime rates.

SSD Power & Fully Managed Support

RAID-protected SSD storage comes standard for Liquid Web VPS users, which decreases latency and keeps your page loads fast and secure. They offer a range of management plans, as well as cPanel control and API access, so you get the perfect level of infrastructural management support for you and your site.

Cloud-Level Flexibility & Supreme Uptime

The Liquid Web VPS infrastructure was engineered with customer priorities in mind. These solutions are ideal for users that want cloud-like flexibility, such as billing by the day and custom configurations, but also seek the affordability of shared hosting. Customers can instantly provision and deploy their virtual server, easily upgrade, downgrade, clone, or resize, and only pay for the resources they use.

Award-Winning Heroic Support® & Sonar Monitoring™

Liquid Web's SLAs promise speedy response times and industry-leading performance. Their blazing fast and fault-resistant servers are backed by the round-the-clock attention of the Sonar Monitoring™ team.

Heroic Support® Team Helps Consistently Earn High Net Promoter Scores

Not only does the Heroic Promise ensure a Heroic Support® technician will get to you quickly, but their policy of Best Effort Support guarantees that they will attempt to help with any problem you encounter. That kind of customer support translates into customer loyalty, and it's a commitment that's rare and wonderful in this industry.

Sonar Monitoring™ Team Helps Yield Virtually No Downtime

In 2014 Liquid Web yielded an incredible uptime rate of 99.995%. With their wholly owned hardware being watched over and maintained by highly trained technicians, there's no reason to doubt their promise of virtually nonexistent downtime in the future.

All server statuses are watched around the clock by the Sonar Monitoring™ team, which is trained to detect system issues quickly, and ideally have problems resolved before a hiccup even shows up on your radar.

Storm® Platform, Private Cloud, & Add-Ons

In addition to a heroic army of support, Liquid Web has 50+ developers dedicated to the build-out and up-keep of custom solutions. A great example would be their Storm® Platform: an in-house innovation based on their top-of-the-line VPS infrastructure.

With automatic migrations and provisioning and easy scaling options, the Storm® Cloud Server offers all the SSD speed and custom functionality you want in an affordable, shared cloud environment. To give users even more options, Liquid Web developers are constantly working on new projects, including the latest Storm® Private Cloud functionality and their Block Storage, Object Storage, and VPN Storm® Add-Ons.

Liquid Web VPS in a Nutshell

If you want easy scaling, screaming fast speed, custom functionalities, and unparalleled support, look no further than Liquid Web for your VPS. They own all the hardware and have a rather large development team in their corner, so the technological possibilities are pretty much limitless. We'd recommend going with their custom Storm® Servers, which offer all the power, flexibility, and scaling options you'd require of a virtual or dedicated server with the affordability and ease of use of a shared hosting solution.

collapse info -
VPS RATING
★★★★★ 4.8/5.0
  • 2-4 cores and 4-16GB of RAM
  • Endorsed by the WordPress team
  • Redundant storage and optional SiteLock security
(read more)
Starting Price/Mo. $19.99
Money Back Guarantee 30 days
Disk Space 30 GB - 240 GB SSD
Domain Name FREE (1 year)
VPS Hosting Plans www.bluehost.com/vps
Our Expert's Bluehost Review
When comparing the performance versus price of VPS plans, Bluehost brings supreme value to the table. In addition to competitive pricing, they offer premium support and excellent uptime compared to other VPS options in the... read more +

When comparing the performance versus price of VPS plans, Bluehost brings supreme value to the table. In addition to competitive pricing, they offer premium support and excellent uptime compared to other VPS options in the industry. If you’ve outgrown shared hosting, or need the flexibility and security of a VPS, Bluehost is a great choice for you.

Bluehost’s virtual servers boast several benefits compared to standard shared hosting and other VPS offerings. The first is speed; Bluehost offers your choice of two or four cores and 4GB to 16GB of RAM with guaranteed resources, so you have the power you need when you need it. The second perk is security; Bluehost offers redundant storage and optional SiteLock protection to secure your data.

For those new to VPS hosting who may not know exactly what is needed, Bluehost makes it incredibly easy and seamless to switch between their plans to find the perfect package for you. If you have questions or need some advice, their wonderful support staff is standing by to assist 24/7.

Formed in 2003, Bluehost has long since been a hosting innovator and leader. Today, the company powers more than two million websites and carries the official seal of approval given by the WordPress.org team for their managed WordPress services hosted on their VPS platform. With years of experience, competitive pricing, and excellent support, Bluehost is a pick you can take to the bank in the VPS hosting space.

collapse info -

See more secure virtual server plans »

Secure Shared Hosting

In a shared hosting scenario, your site is a folder on a server shared by many other sites. Server-level operations and security needs are handled by the host company. It is an economical starting point for sites that don’t need a lot of resources.

Though shared hosting is perceived as the least secure of the three main hosting buckets — shared, virtual, and dedicated servers — the best shared hosts on the market will ensure your site is perfectly safe from standard threats. Our #1 pick for shared hosting is below.

SHARED RATING
★★★★★ 5.0/5.0
  • Known for high-performance, low-cost shared hosting
  • FREE website builder with 1,000s of templates
  • Endorsed by the WordPress.org team as a top WP host
(read more)
Starting Price/Mo. $2.95
Money Back Guarantee 30 days
Disk Space Unlimited
Domain Name FREE (1 year)
Shared Hosting Plans www.bluehost.com/shared
Our Expert's Bluehost Review
If you’re looking for an affordable host, Bluehost is a solid, reputable choice, but their low cost coupled with their supremacy in the shared hosting arena is what makes this provider such a value deal. The Bluehost name is listed toward the top of many of... read more + If you’re looking for an affordable host, Bluehost is a solid, reputable choice, but their low cost coupled with their supremacy in the shared hosting arena is what makes this provider such a value deal. The Bluehost name is listed toward the top of many of our reviews categories, and with good reason. They offer excellent hardware configurations, a generous list of extras, and fantastic support and reliability — all at a price point that’s, generally, lower than the competition.The speed and performance result from very modern hardware and a global content delivery network. They also offer nearly unlimited everything, including storage, emails, and bandwidth, and many other perks. For example, they include a free domain and marketing credits to get your site off the ground — adding to their value.We rank Bluehost at or near the top for their WordPress, VPS, and dedicated options and if those fit your needs, please check them out. You’ll be happy to note their incredibly competitive pricing across the board.We are convinced Bluehost has the goods to meet your hosting needs today and in the future, but more importantly, they are too. They offer a 30-day money-back guarantee should you become dissatisfied with any of their plans for any reason; however, we’re willing to bet you won’t be. collapse info -
SHARED RATING
★★★★★ 4.8/5.0
  • An industry-leading shared host with competitive pricing
  • Attract visitors with a complimentary marketing suite
  • $500 in extras like Google AdWords and SiteLock security
(read more)
Starting Price/Mo. $1.99
Money Back Guarantee 30 days
Disk Space Unlimited
Domain Name FREE (1 year)
Shared Hosting Plans www.ipage.com/shared
Our Expert's iPage Review
Whether you're a first-time website owner or a web veteran, iPage’s excellent hosting services and fantastic list of extras make them one of the best values in web hosting.Unlimited disk space, bandwidth, and emails are just a part of what makes iPage’s... read more + Whether you're a first-time website owner or a web veteran, iPage’s excellent hosting services and fantastic list of extras make them one of the best values in web hosting.Unlimited disk space, bandwidth, and emails are just a part of what makes iPage’s shared hosting plans a great deal. They offer very good "suites" of extras focusing on web hosting necessities like security, marketing, and support.If you don’t yet have a site, they include a free domain and website builder to get you rolling quickly. We especially love their inclusion of eCommerce templates and online shopping carts for the same low price.Support is one factor that’s very important to us, as it should be to you. For customer support, iPage has US-based phone, email, and chat available 24/7. For the DIY crowd, they also have an extensive list of tutorials and helpful documents.One of the very best budget web hosts out there, iPage offers great hosting features and server performance for a low price. If you are searching for a cheap, reliable web host, iPage should definitely be near the top of your list. collapse info -
SHARED RATING
★★★★★ 4.8/5.0
  • A favorite for shared hosting (and dedicated or cloud)
  • FREE SSD storage packs 20x the performance
  • FREE SSL certificate and 24/7 support
(read more)
Starting Price/Mo. $2.95
Money Back Guarantee 90 days
Disk Space Unlimited
Domain Name FREE (1 year)
Shared Hosting Plans www.inmotion.com/shared
Our Expert's InMotion Review
InMotion offers an excellent business-class shared hosting plan. While carrying a higher price tag than other cheap hosts, it has a very nice list of features to help justify the extra cost. For the IT crowd in the audience, you’ll appreciate SSH access, as... read more + InMotion offers an excellent business-class shared hosting plan. While carrying a higher price tag than other cheap hosts, it has a very nice list of features to help justify the extra cost. For the IT crowd in the audience, you’ll appreciate SSH access, as well as support for PHP, Ruby, Perl, Python, WP-CLI, and other popular languages. You’ll also appreciate the 20-times faster speed, which comes from all-SSD storage and your choice of datacenter locations. You needn’t worry about data security as InMotion plans include data backups.For the rest of us, we can appreciate the convenience of the free website transfers and 24/7 US-based support. A free domain and website builder with eCommerce support are also appealing.The overall package and business-class hardware make InMotion’s shared hosting a great choice for businesses or those looking for a little higher-end hardware. And, as one of the few remaining independently owned hosting providers left on the market, InMotion has taken every effort to remain cost-competitive. collapse info -

See more secure shared hosting plans »

Mitigate Threats to Your Website & Server By Following These Standards

Although security seems frightening, webmasters who pay attention, and have the help of a good hosting service partner, run websites without experiencing any major disruptions. A little knowledge goes a long way, so don’t let the learning process stop once your site is launched. The online security threat matrix is ever-evolving, and it behooves you to stay abreast of the latest trends, standards, and emergent threats. May the secure web hosting force be with you!

ABOUT THE AUTHOR
Alexandra Leslie

Alexandra Leslie serves as Tech Vertical Manager of Digital Brands Inc, spearheading the charge to deliver technical expertise and thought leadership to our rapidly growing audience of developers, engineers, and website owners here at HostingAdvice. You'll find her engaging with leaders in web hosting and tangentially related industries, enjoying honest discussions of their cutting-edge technologies. She loves getting her hands dirty with comprehensive reviews of popular hosting platforms and services, and she's a die-hard WordPress fan. Alexandra leads the HostingAdvice team with a passion for translating technical jargon into digestible action items anyone can use to build, monetize, and scale a web presence.