Before building a new WordPress site, you need to consider which hosting options you need to choose from. From bargain shared WordPress hosting options that cost just RM20/month, to self-hosting your WordPress site, or to more costly dedicated WordPress hosting.
The capacity limits, features and practices offered with each WordPress hosting option have a direct correlation on the performance, availability and security of your WordPress website. Majority of the WordPress hosting companies provide fully hosted environments, which is the focus of this article.
CPU limitation is the first criteria to look for in a WordPress hosting plan. It is essential to understand how much of it you are allowed to use in a shared hosting environment since you are buying a fraction of the computing power of the web server after all. In general, most shared WordPress hosting plans have imposed the maximum amount of CPU power that you are allowed to use, along with how many seconds you are allowed to remain at that level. The more traffic your website receives, the more this will matter to you. Hence it is wise to ask how much CPU power your shared hosting account will receive before purchasing the hosting subscription.
In order to manage your WordPress site, it is essential to be able to upload and change files on your web server or WordPress hosting account. To secure your connection, you can always choose SSH or sFTP. Before purchasing the shared hosting plan, ask your WordPress hosting provider whether they support the secure access that you need because connecting to your server over FTP exposed you up to significant security risks because this information is sent over the internet in plain text, whereas SSH or sFTP will use encryption during the transfer.
Transport Layer Security (TLS)
Transport Layer Security (TLS) is the encryption technology that is used to offer encrypted communication between WordPress web server and your website visitors’ browser. You can easily identify a web page that utilizes the TLS protocol because it will always begin with HTTPS instead of HTTP. To secure your WordPress site, it is highly recommended to run a HTTPS-only website.
At a minimum, you need to ensure your WordPress login page (usually something like https://example.com/wp-login.php) and any pages that accept sensitive information from your users or present it back to them are HTTPS pages. Please take note that most hosting plans will charge extra if you require this feature or you may have to purchase your own certificate, so make sure that you ask your hosting provider first or find out how much it will cost you.
WordPress Hosting: Dedicated IP
It’s generally known that majority of the websites on a shared server, including WordPress shared server share a common IP address with their neighbours. This should not be a problem because a shared IP address will not reduce your website loading speed nor impact your SEO rankings. However, there is always a chance that if one of your IP address neighbours engages in spammy and malicious behaviour that may impact you negatively by getting your IP address blacklisted by an organization like Spamhaus. To safeguard your website, it is wise to spend money in securing a dedicated ip address. It is highly recommended for you to know whether dedicated IP addresses are available and that you understand the cost before you commit to a WordPress hosting plan.
ModSecurity is an open source web application firewall that can be customized to augment what a recommended WordPress security plugin like Wordfence does in a compatible way. In the current hosting marketplace, majority of the hosting providers offer ModSecurity in some form. We recommend that you pick a hosting provider that allows this feature and ideally offers you the option to customize how it is configured.
Other Security Software
Many WordPress hosts will offer additional security software options but they can be restrictive too in allowing which security software you wish to run. As recommended, always verify that you are allowed to install and run the Wordfence security plugin in your WordPress shared server.
Technical Support or Assistance
WordPress script is prone to attacks by hackers in the past and it still does happen till this day. In the event that your site is targeted by hackers, it is imperative that you are able to react swiftly because the faster you recover from the unfortunate hacking incident, the smaller the impact to you and your users. In cases like this, you will definitely require the assistance from your WordPress host in order to help with your recovery efforts. Hence it is very important that you understand how quickly your hosts’ support team responds, how you are allowed to contact them and how competent their support resources are. In view of this, we highly recommend that you choose a top host provider such as ServerFreak that provides competent technical assistance and immediate phone support when needed on a 24/7 basis.
Backups Restoration & Log File Access and History
Unfortunately any webmasters know that they can’t avoid website hacking incident effectively. Hence, backups are one of your most important tools in the event of a hack. Backup restoration will help to restore your website to a “pre hack” state which can make it very easy to eliminate malicious code from your site and get your website back up quickly. It is highly recommended to pick a host provider that automatically backs up your site daily and retains backups for at least 30 days. This service is crucial because sometimes your website could have been hacked for days without you noticing, so if you have older backups available then you can recover your website with ease.
Meanwhile, server log files are a rich source of information when you are trying to identify the vulnerability that led to a website hack and the total impact it had on your website. At a minimum, you need to purchase a WordPress hosting plan that offers you immediate access to log files going back at least 24 hours. Ideally you should also have the option to archive log files older than 24 hours old for 30 days.
In conclusion, this article is written with the hope that you are now equipped with a solid understanding of the specific features you should be looking for in a WordPress hosting plan and why it is important to safeguard your WordPress site at all times.
If you are looking for a reliable WordPress server that contains all the security features listed above, then you are invited to contact us at ServerFreak today! For more information related to our WordPress Shared Hosting plans, kindly drop your questions to firstname.lastname@example.org