What kind of hosting is right for your website?

Factors which may lead you to consider VPS Hosting

1) Confidential Data Processing and Storage

When your website is processing and/or storing confidential payment details.

2) Increased Traffic

If you start to see hundreds of visitors trying to view the same web page at the same moment of time then you need a VPS.

The VPS will enable you to gradually increase the amount of RAM and Bandwidth to enable your website to cope with the increased use.

As you increase resources so you will pay more in hosting fees.

3) Dedicated IP

If a dedicated IP (i.e. not shared with other web users) is important to protect the integrity of your online business then a VPS would seem like a good idea.

But you don't need a dedicated IP to be able to add an SSL certificate to your website.

Nor do you need an SSL to run an eCommerce website but it may help to reassure visitors.

Security

VPS

It is worth stating that a website hosted on a VPS with a dedicated IP and an SSL certificate is not guaranteed to be more secure than one hosted on a public cloud.

Unless you pay more for Maintained VPS Hosting you will be responsible for maintenance of your VPS.

Without technical input on your part or paid for technical support your server (and its website) will become increasingly vulnerable to compromise.

We therefore recommend paying the higher premium for a Maintained VPS Hosting Plan.

Purchasing support on an ad hoc basis can be much more expensive.

Public Cloud

One reason to take care when choosing where to host your website is that your hosting company will be responsible for maintaining the servers which support the public cloud.

But of course, your website will be sharing resources with other websites which share the same cloud.

And as a result be at increased risk of compromise if and when another website on the same cloud is compromised and used as a platform to attack yours.

You should therefore check what steps your intended hosting company takes to reduce such risks.

For example: does the hosting plan include CloudLinux?

Web Application Firewall

Even if it does, you should still install a Web Application Firewall (or WAF) on your website.

We firmly believe that all Joomla! CMS websites should be protected in this way.

Read more: Joomla! CMS Security. 

Visibility

No-one wants their website not to be visible when someone is trying to view it.

And of course this can occur if and when traffic exceeds the limits imposed by your hosting company's fair use policy.

What can be done to reduce the risk of your website not coping with higher levels of traffic?

You could switch from shared server hosting to a VPS.

There are two other steps you could take as your website receives more visitors.

Review the web server configuration currently offered by your hosting provider

The relatively new Litespeed web server reportedly offers improved performance, stability and security.

Read more: The web hosting environment. 

Subscribe to a Content Delivery Network (or CDN)

CDNs offer remote caching of your website's pages, the cache being stored on a different server from that which is hosting your website.

A popular CDN is Cloudflare.

Look for Cloudflare integration (possible with cPanel) when choosing a hosting provider.

Speed

If you want to improve website performance then focus on speed.

Data Access Speed is a measure of how long it takes to read and access data on the server's drive.

Page Load Speed is how long it takes for a web page to load in the visitor's browser when they click on a link.

Both are critical on an eCommerce website and on the mobile web.

Steps you can take to increase speed:

• Review web server configuration.
• Switch from spinning disk drive to solid state drive (SSD).
• Consider Litespeed caching.

Read more: How to speed up your website.

eCommerce

If your eCommerce website is processing and/or storing confidential payment details then you should not use shared server hosting.

Reason: insufficient level of security, even if employing a Web Application Firewall.

That said, there are many 3rd party payment gateway plugins that can be used to process taking payment away from the server hosting your website.

In this instance your website will not be storing confidential payment details.

PCI DSS

PCI DSS is short for Payment Card Industry Data Security Standard.

If your eCommerce website is not using the services of a 3rd party payment gateway then it will have to comply with these standards.

If it is then the 3rd party payment gateway provider is responsible for complying with PCI DSS.

SSL Certificate

An SSL certificate uses encryption to protect traffic between a computer device and a server.

It does not protect the data stored on the computer or the server.

Is an SSL certificate essential for eCommerce?

If you use the services of a 3rd party payment gateway then your customers' payment details will:

• be protected during checkout by the payment gateway's SSL certificate, and
• stored on the 3rd party payment gateway's server, and not yours.

You may wish however to add SSL to your website for two reasons:

1. build trust, and
2. improve performance in search results.

Look for Let's Encrypt integration (possible with cPanel) when choosing a hosting provider.

Let’s Encrypt is a free, automated, and open certificate authority.

Read more: Let's Encrypt.