Understanding Your Hosting & Security Options

0
3 months ago

Certain aspects of website can seem overwhelming for a small business owner. In this article, we will go over the most important technicalities of your website. How to differentiate the specs on different hosting account options and choosing the right one for your business.

What are the types of hosting options?

What is hosting? In a nutshell, web hosting is the process of renting or buying space to house a website on the World Wide Web. Website content such as HTML, CSS, video and images has to be housed on a server to be viewable online.

Every website needs hosting, If your website is on what is called self-hosted platform such as Shopify, Squarespace, Wix you don’t have to worry about hosting and its included on your monthly fee. If you have another type of website such as WordPress, or a custom PHP, HTML, Joomla site or similar systems then you will need purchase a hosting account.

In essence there are 4 main types of hosting accounts: 

  1. Shared Hosting
    In a shared hosting environment, your website ‘lives’ with other websites on the same server. 

    The server’s resources such as RAM, disk space, processor are shared by the websites living on that server. Hosting your website on a shared server is the most affordable option. It’s a great choice if your website is just starting off, and you don’t have a lot of visitors. That’s because you don’t need a lot of disk space or bandwidth that high-traffic sites need.

    If your website gets a lot of traffic (or regular spikes of it), you shouldn’t opt for this type of hosting because, a high amount of traffic might not be supported due to limited resources. A typical shared hosting hosts around 3,000 sites.
  2. Virtual Private Server (VPS) Hosting
    In a Virtual Private Server hosting environment, your website ‘lives’ in the same server as other websites, but in an isolated environment. You get dedicated processing power, RAM and disk space that other websites on that server cannot use.

    This type of hosting costs more. But you get more power, which means your website can handle significantly more traffic and process more user requests. If you have a well-established business and/or anticipate a lot of traffic, this might be a good solution for you.
  3. Dedicated server  
    A dedicated server means you get an entire physical server to yourself. No other websites hogging resources. No other sites pulling your site performance down. Dedicated server hosting is the highest level of hosting you can get, it also costs a fortune.

    Use a dedicated server if your brand has exponentially gained a ton of traffic. Otherwise, you might want to stick to less powerful plans in the meantime.  
  4. Cloud servers 
    A new type that has emerged in the last few years is the Cloud Servers. They usually run on the giant public clouds, like Amazon Web Services, Microsoft Azure Google Cloud. Service providers can build whatever configuration suits the needs of their customers. The big benefit of cloud servers is that you can scale seamlessly. If you need to be able to handle that big traffic surge, just pay your provider more money. Nothing needs to be moved or rebuilt.

Understanding Bandwidth

Now that you have an idea what type of hosting is best for you, the next thing to decide how much bandwidth you need. Hosting account plans generally charge based on storage and bandwidth usage. Bandwidth is a measure of how many bytes you serve over a given period. If you expect only a few folks to visit your site, bandwidth will be low. But if you’re suddenly featured at a TV show or your product goes viral you can expect bandwidth requirements to surge. 

If you plan to only serve a few pages to a few local customers, you’ll be fine with the cheapest plan. But if you know that you’re building a site that will have a lot of viewers or use a lot of video that will stress shared servers, be sure to pick a VPS, dedicated or cloud-based server that can give you more bandwidth. The amount of bandwidth you have determines how quickly your website can deliver content to your visitors during peak traffic times. It is a vital part of growing your audience and increasing your sales. 

What Is Unlimited Bandwidth?

Just like there’s no such thing as unlimited storage on a server, there’s no such thing as unlimited bandwidth.

You’ll often see various shared web hosting companies offering unlimited bandwidth, domains, or disk space. 

BEWARE; this is misleading because every web hosting provider has bandwidth limits on the packages they offer.

So, why do web hosts advertise “unlimited bandwidth”? That’s because they know that, under normal circumstances, 

the sites on a shared server will never use up all the available bandwidth. But what they’re not telling you is that there are limits on how much of the server’s CPU (Central Processing Unit) your site can use.

When you’re shopping for a web host, pay close attention to those who offer unlimited bandwidth. Look for the fine print or ask about their policies on CPU usage and what they’ll do if there is a spike in traffic.

So How My Bandwidth Do I Really Need?

The amount of bandwidth you’ll need depends on three factors;  the number and size of your pages, the number of visitors your website gets, and the number of pages each visitor looks through. If your site is new, or you don’t have a lot of content and/or visitors, then you will not use a lot of bandwidth. But, if your website already has a large following and you have a lot of graphics, images, video, audio, downloadable content, then you’ll need more bandwidth. 

The easiest way to tell how much bandwidth you’ll need for an existing site is to simply login to your web host account and look at the traffic reports on your cPanel. Nearly every web host provides a report on your bandwidth usage.

What about if you have a brand new site? In this case you will need to create an estimated guess, by using the formula below:

The formula for calculating your bandwidth is:

(Number of monthly visitors) X  (Average number of visited pages) X (Avg. size of each page) = Monthly Bandwidth (in megabytes)

Example, lets say you get 5,000 monthly visitors who visit an average of 3 pages and your average page size is 2mb, the formula would look like this:

5,000 x 3 x 2 = 30,000MB (30GB Monthly Bandwidth)

What Happens if I Exceed My Bandwidth?

If you exceed your monthly bandwidth allowance, one of these three things can happen: 

  1. The host will suspend your website, 
  2. The host will charge you overage fees, 
  3. The host will auto-upgrade your plan to the next version, with more bandwidth.

How Can I Reduce My Bandwidth?

Most of the time for startups should be fine with the cheapest hosting plan as long as you optimize the pages. Optimizing your pages will reduce your bandwidth and improve site speed. Page optimization is done by: 

  1. Compressing images and videos which reduces the size of images, large downloads / videos on your site.
  2. Deleting unused content from your server
  3. Enabling compression from HTTP, CSS, and JavaScript by using a caching plugin if on WordPress. 

How Do I Find a Good Shared Hosting?

99% of the time a shared hosting account should be sufficient for a startup company. Within shared hosting accounts there’s a lot of plans and companies you can choose from and not all would be good options for you. Good, shared hosting account boils down to the 3 S’s: speed, support and security.

Speed

Consider where most of your customer base is located. See where their servers are located. The most reliable hosting companies have several data centers spread through out the globe. Make sure these servers are close to your core audience.

Support

Decide how much hand-holding you’ll need?  Some hosting companies will provide basic customer service access to email, ticketing system only. Turnaround time on requests for response, will vary from a few hours to 24 hours. While other service providers offer 24-hour phone support. The limiting factor to non-managed service is that while a vendor may answer questions about basic configuration, it won’t be your systems manager. Some might even provide managed service will make sure your system is configured properly for your load, keep an eye on security issues, patch your software as needed and manage backups among other tasks.

Security

Security is an important concern when looking at a web hosting plan. But there’s no single feature that makes one hosting platform more secure than any other. Rather, a constellation of individual factors contributes to overall web hosting security.

VPS hosting plans and dedicated servers are typically the most secure types of hosting. 

For all hosting types, you’ll want to look for the following:

  • Firewalls
  • DDoS Protection
  • Virus Protection
  • Spam Filter
  • SSL Security Certificate
  • Domain Name Privacy

For e-commerce security, your host should offer you a way to obtain PCI compliance.

Firewall

A firewall is a piece of software that filters request activity before it reaches the webserver. Firewalls block requests based on a number of different factors. IP-address blacklists are the most common type of filtering, blocking connections from known offenders. Most web hosting companies have some kind of firewall. Often, the firewall on a shared hosting plan is shared by many customers, so requests blocked from accessing your system would likewise be blocked from accessing another site.

Some hosting companies will offer something called “Dedicated Firewall” as a service. This allows for specific rules to be made concerning who is (and isn’t) blocked from accessing your website. This is usually not needed, but it could be important if you process sensitive information.

DDoS Protection

DDoS, or Distributed Denial of Service, is a type of attack where thousands of requests are sent to a website all at once, overloading its ability to process them and effectively shutting the site down. Most web hosting companies have some kind of DDoS protection in place.

Anti-Virus Protection

This security system must not only protect the datacenter where your website is hosted but have back-end protection for each individual site as well. The datacenter protection protocols differ on a host-by-host basis, but on a server level you’ll want to look for bundled software like Sitelock, Incapsula, or even Cloudflare CDN integration.

Spam Filtering

Email spam doesn’t comprise a significant threat to site security, although a massive influx of emails could potentially cause the same problem as a DDoS attack. Email spam filtering is a second layer of security, the kind of protection you use to make your experience more pleasant — it protects more than your website. Anti-spam protection is the most common form of email account security and will help you in more ways than just stopping the onslaught of spam emails.

For example, spam filtering can help keep email storage costs down, it’ll decrease the chances of you missing an important email, and can help prevent negative backlash on your reputation.

What is SSL Certificate and Why I Need it

SSL stands for “secure sockets layer” and is a cryptographic protocol used to secure data between two machines through encryption. Without SSL in place, anyone would be able to monitor all the personal information you send to a server in plain text, including passwords and credit card numbers, and easily steal it.  All websites today should have a digital certificate for SSL encryption installed. If not most browsers will warn you that you are viewing an unsecured site.

How Does SSL Certificate Works?

SSL certificates assign a specific cryptographic key to your particular organization’s details (e.g. a domain name) to secure your website when users are required to submit any sensitive information, from filling out forms to logging into their account.

When an SSL certificate is active on your server, your URL will change from HTTP to HTTPS and feature a grey padlock next to it in all web browsers, so your visitors will be able to recognize the visual cues to know your website can be trusted. Having a certificate showing on your site in the address bar is similar to registered trademarks in this way.

In addition, search engines like Google now incentivize website owners to install SSL certificates by boosting their web rankings.

There are six types of SSL Certificates to consider:

  1. Extended Validation Certificates (EV SSL)
  2. Organization Validated Certificates (OV SSL)
  3. Domain Validated Certificates (DV SSL)
  4. Wildcard SSL Certificate
  5. Multi-Domain SSL Certificate (MDC)
  6. Unified Communications Certificate (UCC)
  1. Extended Validation Certificates (EV SSL)

The highest-ranking and most expensive SSL certificate type is an Extended Validation Certificate.

Setting up an EV certificate requires the website owner to go through a standardized identity verification process to confirm they have the exclusive rights to their domain.

Use Cases for EV SSL Certificates
Since EV certificates are expensive and require an extended verification process, they are mostly used by high-profile websites that require a lot of personal information from their visitors or frequently collect online payments (e.g. banks or medical providers).

2. Organization Validated Certificates (OV SSL)

The Organization Validation SSL certificate’s primary purpose is to encrypt sensitive information during transactions. The OV certificate has a high assurance, similar to the EV certificate, and is also used to validate business credibility. OV SSL certificates are the second-highest in price. To obtain them, website owners need to complete a substantial validation process administered by a Certification Authority, which investigates the website owner to see if they have the right to their specific domain name.

Use Cases for OV SSL Certificates
OV certificates are often required for commercial and public-facing websites that collect and store their customers’ information (e.g. web apps).

3. Domain Validated Certificates (DV SSL)

Compared to other SSLs, Domain Validation SSL certificates have low assurance and minimal encryption. Hence, the validation process to obtain this certificate type is minimal. The process only requires website owners to prove domain ownership by responding to an email or phone call.

Use Cases for DV SSL Certificates
As DV certificates are one of the least expensive and fastest types to obtain, they are often used by blogs or informational websites that don’t need to provide extra assurance to their visitors.

4. Wildcard SSL Certificates

Wildcard SSL certificates are available as both OV and DV, and are used to secure a base domain and unlimited subdomains.  The main benefit of purchasing a wildcard certificate is that it’s cheaper than buying several single-domain certificates. Wildcard SSL certificates have an asterisk as part of their common name. The asterisk represents any valid subdomain that has the same base domain. For example, the common name can be *.example.com, which would allow this certificate to be installed for blog.example.com and account.example.com as well.

Use Cases for Wildcard SSL Certificates
Depending on the business needs, customers can purchase either OV or DV Wildcard certificates when they need encryption for multiple subdomains. This could be valuable for blogging solutions that create different subdomains for their user accounts, for example.

5. Multi-Domain SSL Certificates

Multi-Domain SSL certificates can secure up to 100 different domain names and subdomains using a single certificate, which helps save time and money. Businesses have control of the Subject Alternative Name (SAN) field to add, change, and delete any of the SANs as needed. Domain Validated, Organization Validated, Extended Validated, and Wildcard certificates could be upgraded to secure multiple domains. 

Use Cases for Multi-Domain SSL Certificates
Multi-Domain SSL certificates are often used by companies that have representations in different jurisdictions, as well as international conglomerates that need to secure different top-level domain names.

6. Unified Communications Certificates (UCC)

Unified Communications Certificates (UCC) are also considered Multi-Domain SSL Certificates and have the same benefits. 

Use Cases for Unified Communications Certificates. UCCs were initially designed to secure Microsoft Exchange and Live Communications servers. However, today, any website owner can use them to encrypt multiple domains with a single certificate.

Other Considerations When Choosing a Hosting Company

WordPress

If you have a WordPress website, look for hosting providers that offer WordPress hosting account plans. Most of the larger hosting providers have this option. Also WordPress, officially endorses three hosting providers:

Bluehost, Dreamhost, Siteground

Green hostingIf you want to do good for your community and the globe. Find hosting that uses renewable energy. Google has converted all their servers to 100% renewable sources. Any hosting company that uses Google Cloud server is included.

Leave a Reply

Your email address will not be published. Required fields are marked *