Join 3,559 readers in helping fund MetaFilter (Hide)


Please recommend a secure and affordable WordPress host
July 12, 2012 9:41 PM   Subscribe

What web host for a small business WordPress site would you recommend as being secure and affordable?

Clients of mine have just had their WordPress site hacked. They were hosted on HostMonster, and found the response of HostMonster to this incident to be... less than stellar. They now want to switch hosts. What hosts play well with WP, are relatively affordable, and have top-notch security, including accessible, polite and helpful customer service if something goes wrong? They are probably looking at a shared environment, I doubt they would spring for a dedicated box.

As a bonus, if you have any non-common recommendations to make as to how to secure a WP site, I'd love to hear them. (I know about standard advice such as avoid suspect plug-ins, update WP, use secure passwords, etc. etc.) Note this site used a custom theme that I did not write and don't know much about. The person who wrote the theme says that it is secure and seems familiar with security risks and specific vulnerabilities to avoid (such as not using timthumb).
posted by parrot_person to Computers & Internet (10 answers total) 9 users marked this as a favorite
 
I use Dreamhost. It's pretty good. They are occasionally targets of DDoS attacks, so factor that in. I'm sure there are other hosts that don't have that problem, but they may be smaller businesses.

As for WordPress security, be sure to follow security best practices, which it sounds like you know, take regular backups in case you do get hacked.

I gave some advice on securing WordPress in general here. Keep reading, keep updating, keep on top of it if you can. Script kiddies eventually have access to all the latest exploits, so try to keep updated as recently as you can.

There are also some plugins for security. Some enforce only X number of password attempts. Some use CAPTCHAs to try to defeat automated hacking, etc. But if there's backdoor code, either intentional (though some compromised theme or plugin) or accidental (in a standard, vetted release), the only thing that'll save you is regular backups and regularly updating to the most recent release.
posted by kalessin at 9:53 PM on July 12, 2012 [1 favorite]


Media temple (mediatemple.net) has *excellent* customer service and hosting starting at $20/month. You can call them 24 hours a day and someone in southern California will answer the phone and help you right away. Or you can tweet them and they'll help you that way, too. And presumably email works well, too.
posted by tylerkaraszewski at 9:59 PM on July 12, 2012


WebFaction - amazing customer service, excellent prices for tons of space and data transfer.

We host all of our customer sites with them. Have been there for two years and don't have a single negative thing to say about them.

I set a customer up with them - got him his own account. He's a bit of a techno noob (or let's say just a normal joe, and not a nerd), and I watch his support tickets with WebFaction - they've helped him out immensely, to the point of helping him identify and remove security risks (his WordPress installation had been hacked at his previous host, and he moved the whole thing, hack included, over to WebFaction). They've debugged his applications, helped him set up complicated .htaccess rules to get his multisite WordPress site running like he likes it.

A year or so ago, there was a TimThumb exploit (TimThumb is used by WordPress and some WordPress plug-ins for image-manipulation). WebFaction automatically replaced the compromised files on all WordPress installations with the safe ones - no work needed on the customers' parts.

All in all, I can't imagine a better deal - high performance servers, great price, excellent, friendly service. Do give them a look.
posted by syzygy at 11:10 PM on July 12, 2012


As a quick follow-up on WebFaction - they charge $9.50 a month if you pay monthly for a standard package that's more than enough to run a multisite installation hosting tens of separate WordPress sites.

There is no contract, so you can cancel at any time. Additionally, they offer lower prices if you pay up front - down to $5.50/month if you pay 5 years in advance.

You can also upgrade various parts of your package for reasonable prices if you ever have the need, but the standard package will, in all likelihood, be enough if they're just hosting a single WordPress site.

You also get a full linux shell account - great if you need slightly more control over what's going on under the covers. The sites we host generally get PageSpeed scores above 95, with some pages hitting 99, due to the extensive customization that's possible at WebFaction. They also have one-click installers for Ruby, various Python apps, just a whole ton of quality apps. They use NGINX as a reverse proxy in front of Apache, which speeds up serving static files. You can even install your own Apache, NGINX or MySQL servers under your account for complete control. I installed an NGINX and MySQL server on ours, for instance.

So it's really a super service, whether you just need a great, high performance host to for you WordPress site, or a full-on, customizable setup with complete shell access, and with super prices and outstanding service, to boot.
posted by syzygy at 11:23 PM on July 12, 2012


Seconding WebFaction, and pretty much everything Syzygy said. It's shared hosting, but with near-VPS access. (No root or sudo, but you can compile your own PHP/MySQL/etc. if you really want.)
posted by Su at 2:26 AM on July 13, 2012


HostGator is my recommendation for cheapo shared hosting (as well as cheapo VPSes), and I've never had a negative experience with them. I've only got a couple clients on WebFaction, but so far so good there as well.

If you're considering spending a little bit more, though, WP Engine is straight up ridiculous: an order of magnitude faster than any other out-of-the-box hosting I've used (faster than a pair.com VPS, for example), great support, and useful WP-specific features like their staging area. They know WP inside and out--can't recommend them highly enough.

(I used to recommend Dreamhost and Bluehost, but, like Media Temple's cheaper plans, have found them oversold and occasionally unreliable.)
posted by tsmo at 5:10 AM on July 13, 2012 [1 favorite]


I've used HostGator for several years for both my own sites & several clients & have been very happy with them. Customer service questions have all been answered fairly quickly.

I had problems with my server at Dreamhost going down (for days or weeks at a time) and the customer service people were extremely unhelpful. This was a few years ago, but a friend just told me she had similar problems this year.
posted by belladonna at 5:49 AM on July 13, 2012


I was with Dreamhost for about a decade. They were once a very cheap, solid webhost, but I echo belladonna's problems with them. Apart from site and email uptime issues, they once copied a six-hour-old back-up onto the server I was hosted on, breaking a project I'd just launched. There was no notification, either before or after the fact, and no apology from Dreamhost's customer service when I tried to find out was going on.

So I'm now a happy MediaTemple customer. I've had minimal downtime, and their customer service, on the few times I've had to use it, has been helpful and pleasant. I also love the fact that, as an Australian, I can call a local number to me and magically speak to a live person in California even if it's 2am there.
posted by Georgina at 6:59 AM on July 13, 2012


For what it's worth, HostGator is now (as of a few weeks ago) part of the same family of companies that owns Host Monster.
posted by FlamingBore at 11:33 AM on July 13, 2012


Thank you all for the great feedback! I'm in the midst of exploring these options with my client now. I won't mark any as best answer because they are all helpful.
posted by parrot_person at 12:21 AM on July 15, 2012


« Older Tell me about your experience ...   |  What are my prepaid 3g data+si... Newer »
This thread is closed to new comments.