I receive quite a few calls every day from people whose websites have been hacked and in most cases the situation is exacerbated by the shared hosting plan they’ve chosen to host their website or websites.
Analogy wise, a shared web hosting plan is akin to an open bay college dorm room, or an office building where all of the internal office doors share the same key.
If someone is going to steal your roommates stuff there’s nothing stopping that person from stealing your stuff in the shared space as well.
So, while convenient, “dorm room style hosting” trades security for convenience.
There may also be legal liability issues relating to reselling shared web hosting in this way. If, for example, you host 20 client websites in a shared account, and you give any one of your 20 clients FTP access you will have effectively given that person access to the contents and databases of all of your 20 websites.
Your first thought may be, “Dude, what the heck are you smoking!
When I give FTP access out to my clients they only have access to their own directory space…”
Well, here’s the rub. If I’m an enterprising hacker, and I somehow get FTP access to any one of your shared domains, or you install a compromisable plugin on any one of your websites, all I have to do is use that to install a back door script, like FilesMan, and I’ll have total access to everything within your account, from files, to images, as well as read and write access to all of your clients databases (and all of your client’s email if email is stored within the same account).
Have you notified all of your clients that if one of your other websites is hacked it’s likely their websites will be hacked as well?
What is the solution?
Well, while shared hosting of the “dorm room” variety is fine for a single business, shared website hosting plans can be quite risky for a web design business.
It takes less than 3 minutes for a hacker to hack or delete the contents of every website sharing the same shared hosting account files space.
If this is not a risk you wish to take with your business then a reseller type hosting plan is your more secure option. A reseller hosting plan is one in which you may set up separate FTP username and passwords for each client, such that no accounts share the same files space. cPanel WHM (Web Hosting Manager) is currently the best and easiest to use reseller control panel. To locate a secure cPanel WHM web host type this into Google:
“cpanel whm with daily malware scanning”
Hopefully I’ve shed some light on the security ramifications of using shared hosting plans. If you have any questions please feel free to call me anytime, Jim Walker, (619) 479-6637.
“Friends Don’t Let Friends Get Hacked”