I receive quite a few calls every day from people whose websites have been hacked and in most cases the situation is exacerbated by the shared hosting plan they’ve chosen to host their website or websites.
Analogy wise, a shared web hosting plan is akin to an open bay college dorm room, or an office building where all of the internal office doors share the same key.
If someone is going to steal your roommates stuff there’s nothing stopping that person from stealing your stuff in the shared space as well.
So, while convenient, “dorm room style hosting” trades security for convenience.
There may also be legal liability issues relating to reselling shared web hosting in this way. If, for example, you host 20 client websites in a shared account, and you give any one of your 20 clients FTP access you will have effectively given that person access to the contents and databases of all of your 20 websites.
Your first thought may be, “Dude, what the heck are you smoking!
When I give FTP access out to my clients they only have access to their own directory space…”
Well, here’s the rub. If I’m an enterprising hacker, and I somehow get FTP access to any one of your shared domains, or you install a compromisable plugin on any one of your websites, all I have to do is use that to install a back door script, like FilesMan, and I’ll have total access to everything within your account, from files, to images, as well as read and write access to all of your clients databases (and all of your client’s email if email is stored within the same account).
Business ethics?
Have you notified all of your clients that if one of your other websites is hacked it’s likely their websites will be hacked as well?
What is the solution?
Well, while shared hosting of the “dorm room” variety is fine for a single business, shared website hosting plans can be quite risky for a web design business.
It takes less than 3 minutes for a hacker to hack or delete the contents of every website sharing the same shared hosting account files space.
If this is not a risk you wish to take with your business then a reseller type hosting plan is your more secure option. A reseller hosting plan is one in which you may set up separate FTP username and passwords for each client, such that no accounts share the same files space. cPanel WHM (Web Hosting Manager) is currently the best and easiest to use reseller control panel. To locate a secure cPanel WHM web host type this into Google:
“cpanel whm with daily malware scanning”
Hopefully I’ve shed some light on the security ramifications of using shared hosting plans. If you have any questions please feel free to call me anytime, Jim Walker, (619) 479-6637.
“Friends Don’t Let Friends Get Hacked”
7 Comments
Indonesia says
Thanks for finally talking about >Shared Hosting Can Be Bad For Thee Health Of
Your Web Design Business <Liked it!
Denisha Kilgour says
That is a great tip especially to those new to the blogosphere. Short but very accurate info… Thank you for sharing this one. A must read article!
Jim Walker says
My portion of iThemes Security is just the HackRepair Bad Bot list option. Are you saying that when that is enabled the site does not work as expected, or are you saying that when the plugin in it’s entirely is enabled things are breaking?
Fion says
…and to add to the threat of theft there is the threat of being added to Google’s IP address blacklist fro crimes committed by sites sharing your C class IP.