There are three distinct kinds of hosting plan which are offered by hosting providers.
These are: Shared Server Hosting, Virtual Private Server (or VPS) Hosting, and Dedicated Server Hosting.
Managed hosting is usually restricted to Shared Server Hosting.
We have however seen a welcome increase in the provision of affordable Managed VPS Hosting.
Whether Shared server or VPS, most start out by subscribing to a Cloud Hosting Plan.
Making sense of the hosting environment
There are a few different applications used to configure web hosting servers.
These include Windows, Apache, LiteSpeed and Nginx server.
We have hosted Joomla! CMS websites on servers running various applications in recent years.
What have we learned?
LiteSpeed server performance has impressed us.
We have not enjoyed hosting the Joomla! CMS in an Nginx environment.
We would not consider hosting a Joomla! CMS on an Nginx server unless the hosting provider were to:
- permit custom Nginx configuration, and
- guarantee that Nginx can load a customised NGINX CONF file
as configured by the Nginx Configuration Maker tool included with Akeeba Admin Tools (web application firewall).
Read more: The web hosting environment.
The range of available hosting types
- Shared Server Hosting,
- Cloud Hosting (public and private),
- Premium Hosting,
- Hybrid Hosting,
- Virtual Private Server (or VPS) Hosting,
- Managed VPS Hosting,
- Dedicated Server Hosting.
Cloud Hosting
You may see two kinds referred to: public cloud and private cloud.
Hosting on a public cloud is most likely the one most appropriate for anyone just starting out.
Why? Value for money as a result of lots of website owners sharing resources.
How does Cloud Hosting compare to its predecessor, Shared Server Hosting?
Shared Server Hosting involved lots of websites being hosted on one hard disk drive (or physical server).
Cloud Hosting involves many websites sharing one cloud (which is itself being supported by several physical servers).
If one server supporting the cloud were to malfunction, the other servers step in to help keep your website visible.
When should you consider Managed VPS hosting?
When first launching a website you probably won't need VPS Hosting even if it is an eCommerce website - see below.
But when you do you will probably want to consider Managed VPS hosting.
So choose a hosting company which can offer this service if you think you may need it in the next 1-3 years.
Confidential Data Processing and Storage
When your website is processing and/or storing confidential payment details.
Increased Traffic
If you start to see hundreds of visitors trying to view the same web page at the same moment of time then you need a VPS.
The VPS will enable you to gradually increase the amount of RAM and Bandwidth to enable your website to cope with the increased use.
As you increase resources so you will pay more in hosting fees.
Dedicated IP
If a dedicated IP (i.e. not shared with other web users) is important to protect the integrity of your online business then a VPS would seem like a good idea.
But you don't need a dedicated IP to be able to add an SSL certificate to your website.
Nor do you need an SSL to run an eCommerce website but it may help to reassure visitors.
Some other issues to consider
Everyone's needs are different but all website owners want the following.
VPS
It is worth stating that a website hosted on a VPS with a dedicated IP and an SSL certificate is not guaranteed to be more secure than one hosted on a public cloud.
Unless you pay more for Maintained VPS Hosting you will be responsible for maintenance of your VPS.
Without technical input on your part or paid for technical support your server (and its website) will become increasingly vulnerable to compromise.
We therefore recommend paying the higher premium for a Maintained VPS Hosting Plan.
Purchasing support on an ad hoc basis can be much more expensive.
Public Cloud
One reason to take care when choosing where to host your website is that your hosting company will be responsible for maintaining the servers which support the public cloud.
But of course, your website will be sharing resources with other websites which share the same cloud.
And as a result be at increased risk of compromise if and when another website on the same cloud is compromised and used as a platform to attack yours.
You should therefore check what steps your intended hosting company takes to reduce such risks.
For example: does the hosting plan include CloudLinux?
Web Application Firewall
Even if it does, you should still install a Web Application Firewall (or WAF) on your website.
We firmly believe that all Joomla! CMS websites should be protected in this way.
No-one wants their website not to be visible when someone is trying to view it.
And of course this can occur if and when traffic exceeds the limits imposed by your hosting company's fair use policy.
What can be done to reduce the risk of your website not coping with higher levels of traffic?
You could switch from shared server hosting to a VPS.
There are two other steps you could take as your website receives more visitors.
Review the web server configuration currently offered by your hosting provider
The LiteSpeed web server reportedly offers improved performance, stability and security.
Read more: The web hosting environment.
Subscribe to a Content Delivery Network (or CDN)
CDNs offer remote caching of your website's pages, the cache being stored on a different server from that which is hosting your website.
A popular CDN is Cloudflare.
Look for Cloudflare integration (possible with cPanel) when choosing a hosting provider.
If you want to improve website performance then focus on speed.
Data Access Speed is a measure of how long it takes to read and access data on the server's drive.
Page Load Speed is how long it takes for a web page to load in the visitor's browser when they click on a link.
Both are critical on an eCommerce website and on the mobile web.
Steps you can take to increase speed:
- Review web server configuration.
- Switch from spinning disk drive to solid state drive (SSD).
- Consider LiteSpeed caching.
If your eCommerce website is processing and/or storing confidential payment details then you should not use shared server hosting.
Reason: insufficient level of security, even if employing a Web Application Firewall.
That said, there are many 3rd party payment gateway plugins that can be used to process taking payment away from the server hosting your website.
In this instance your website will not be storing confidential payment details.
PCI DSS
PCI DSS is short for Payment Card Industry Data Security Standard.
If your eCommerce website is not using the services of a 3rd party payment gateway then it will have to comply with these standards.
If it is then the 3rd party payment gateway provider is responsible for complying with PCI DSS.
SSL Certificate
An SSL certificate uses encryption to protect traffic between a computer device and a server.
It does not protect the data stored on the computer or the server.
Is an SSL certificate essential for eCommerce?
If you use the services of a 3rd party payment gateway then your customers' payment details will:
- be protected during checkout by the payment gateway's SSL certificate, and
- stored on the 3rd party payment gateway's server, and not yours.
You may wish however to add SSL to your website for two reasons:
- build trust, and
- improve performance in search results.
Look for Let's Encrypt integration (possible with cPanel) when choosing a hosting provider.
Let’s Encrypt is a free, automated, and open certificate authority.
Essential & Desirable Hosting Features
For a quick checklist of essential and desirable hosting features, read our accompanying article.
Read more: Choosing a hosting provider.
Personal Joomla! CMS Help & Support
We coach, help and support managers with responsibility for Joomla! websites in organisations across Cheshire, Manchester, Merseyside, North West England & the UK.