"Secure" Hosting

143 views
Skip to first unread message

relish27

unread,
May 13, 2013, 1:39:01 PM5/13/13
to mpls-stpau...@googlegroups.com
What do people think of web hosts like Page.ly, Firehost, and WP Engine that offer "secure" WordPress hosting?  I have one client on Page.ly and it has been a hassle -- lots of difficulties.  Wondering if you guys use these sorts of hosts or think they are necessary/useful for providing extra security from hacking. 

Nicholas Ciske

unread,
May 13, 2013, 1:55:21 PM5/13/13
to mpls-stpau...@googlegroups.com
Page.ly - no direct experience. Some people love 'em. Some loath 'em. They do remove control to add security and stability.

Firehost - a general secure host (e.g. not WordPress specific). Expensive, but very secure (they have HIPPA compliant hosting, which is ridiculously secure). Unless you need that level of security (e.g. you deal with patient data or financial data), it's just extra hassles and expense.

WP Engine - Personally, I've found them to be too restrictive. But some people swear by them -- many sites run fine, but the minute you go outside their narrow niche, things go badly fast.

The Gist:
You don't need any of these to run a secure site, but most shared hosts don't take security seriously enough. Heck, even Linode got hacked... so there's no silver bullets -- but you need to choose a host carefully, then layer security on top of theirs.

What I use:
I use a quality shared host that has excellent security (never had a site hacked there, even ones that were out of date). As an example, they block XML-RPC by default as most sites don't use it - enabling it is as easy as adding a line to .htaccess, but most sites are protected -- you opt-in to less security if you need it.

For bigger sites, I use a VPS at WiredTree -- they manage the server and keep it hardened against attack. Never had a site hacked there.

For managed WP hosting, I recommend Web Synthesis. They offer the flexibility of a VPS with the security of a managed solution. Best of both worlds in my opinion. Never had a site hacked here.

Sucuri is a great solution (plugin and service) as well to add into any site (is bundled with WP Engine's service).
http://sucuri.net/ (non affiliate)

Avoid:
GoDaddy (do I need to say why?)
HostGator and other cut rate hosting (you get what you pay for)
MediaTemple Grid Service (walls between sites are too thin, infections spread easily)

_________________________
Nick Ciske
@nciske

On May 13, 2013, at 12:39 PM, relish27 wrote:

What do people think of web hosts like Page.ly, Firehost, and WP Engine that offer "secure" WordPress hosting?  I have one client on Page.ly and it has been a hassle -- lots of difficulties.  Wondering if you guys use these sorts of hosts or think they are necessary/useful for providing extra security from hacking. 

--
You received this message because you are subscribed to the Google Groups "Minneapolis St. Paul WordPress User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mpls-stpaul-word...@googlegroups.com.
To post to this group, send email to mpls-stpau...@googlegroups.com.
Visit this group at http://groups.google.com/group/mpls-stpaul-wordpress?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Josh Leuze

unread,
May 13, 2013, 1:57:00 PM5/13/13
to mpls-stpau...@googlegroups.com
Your avoid list should be a lot longer ;)

Courtney Remes

unread,
May 13, 2013, 1:59:07 PM5/13/13
to mpls-stpau...@googlegroups.com
Thanks, Nick!  Awesome breakdown.  I appreciate your insights.


- Courtney


On Mon, May 13, 2013 at 12:55 PM, Nicholas Ciske <ni...@thoughtrefinery.com> wrote:

Nicholas Ciske

unread,
May 13, 2013, 1:59:17 PM5/13/13
to mpls-stpau...@googlegroups.com
Feel free to expand it -- those are just hosts I've personally seen issues with.

Maybe we should set something up to share our collective experience with hosts? Seems like it comes up a lot in discussions...

_________________________
Nick Ciske
@nciske


Josh Leuze

unread,
May 13, 2013, 2:05:22 PM5/13/13
to mpls-stpau...@googlegroups.com
I figured you were just being polite, it'd be a long list!

My rule of thumb is just to avoid all cheap hosts. Whether it's shared hosting, some sort of "cloud" space, or a low end VPS, anything under $20 a month is more trouble than it's worth. I feel like you have to shell out at least $50 to get anything decent that has the resources and support to be reliable.


Andy Christian

unread,
May 13, 2013, 2:11:47 PM5/13/13
to mpls-stpau...@googlegroups.com
I'd also like to add that security doesn't end with the web host either.

Logging into your admin account from an unsecured and possibly unsafe network without using SSL could be as disastrous as using an unsecured host. It's best to have an Admin account (but not using the username "admin) for actually changing the site's settings, and an Editor account for general post/page creation. That way, even if you log on using an unsecured network, and someone gets your username/password using a traffic sniffer, your admin will be protected. 

If you absolutely need to be able to log on while using unsecured networks, it's best to encrypt your login using SSL.

Not exactly directly relevant to the whole "Secure Host" conversation, but I guess my point is that it doesn't matter how secure your host is if you don't secure your end of the network.


Thanks,
Andy Christian
tadpole.cc

WordPress Hosting, Support,
Training, and Consulting

JustinF

unread,
May 14, 2013, 9:54:54 AM5/14/13
to mpls-stpau...@googlegroups.com
Page.ly is actually a reseller for Firehost... so they have whatever security features Firehost does, but it WordPress specific.  From my experience, I would avoid Page.ly.  Their hosting seems to be very slow and you're more likely to encounter problems if you aren't just doing a plain-vanilla WordPress install.

If you want a WordPress specific host, I'd recommend WPEngine.

Justin
To unsubscribe from this group and stop receiving emails from it, send an email to mpls-stpaul-wordpress+unsub...@googlegroups.com.

Nicholas Ciske

unread,
May 17, 2013, 12:27:47 AM5/17/13
to mpls-stpau...@googlegroups.com
Not all shared hosts oversell, just most. It's a been a race to the bottom on price and to "unlimited everything" for years, despite nothing ever actually being unlimited. I tend to avoid any business that has hidden catches built into their business model.

Host Gator made the list as I've never had a good experience with them, so I can only recommend avoiding them. I know lots of people swear by them (though many are affiliates), but I was giving my experience.

You don't have to spend $50, but when you spend more on a morning coffee than your monthly hosting bill... Ask of that's a wise strategy for your (or your client's) business.

Nick Ciske
@nciske
http://ThoughtRefinery.com/

Sent from my iPhone 5

On May 16, 2013, at 12:50 AM, Björn <bjor...@gmail.com> wrote:

> All shared hosting is going to be inexpensive due to overselling but I don't think it would necessarily fair to associate all of them as bad hosts altogether.

Jeff Sauer

unread,
May 17, 2013, 7:28:25 AM5/17/13
to mpls-stpau...@googlegroups.com
StudioPress (makers of the Genesis theme Framework) recently started offering hosting called Synthesis. I haven't used it personally, but might be worth looking into:

Winnie Williams

unread,
May 17, 2013, 11:41:24 AM5/17/13
to mpls-stpau...@googlegroups.com
I've had great experience with hostgator, particularly with their support. I've always had a human being within a minute, and they've been on the phone with me for as long as 2 hours (on what turned out to be my problem). The sites don't have huge traffic, but are very responsive. I've never had a site there broken into; never had my sites down.

I'd add lunarpages to the list of hosts to avoid. I've had sites there broken into repeatedly. Their support is TERRIBLE. It can take over a week to get a response, even when I have called in with a critical issue. They typically host wordpress with the database server on a separate server and the response times are terrible. They used to be great years ago, but I've moved everything off them recently.

Winnie

Jodi Stammer

unread,
May 17, 2013, 12:54:42 PM5/17/13
to mpls-stpau...@googlegroups.com
Winnie: Thanks for chiming in ... I use Hostgator (my sites are small and
low traffic) and was a little worried when I read what others had said. I
chose Hostgator over others because of the excellent support I've received.
It's good to hear your experience with them has been positive as well.

Jodi

Nick Ciske

unread,
May 20, 2013, 11:49:39 AM5/20/13
to mpls-stpau...@googlegroups.com
If anyone wants to try Web Synthesis... they are running an free trial offer right now.

Until Friday 5/24 at 5pm pacific time, we're offering it to brand new hosting customers at a very unique price:

- 3 months of hosting free if you choose our "Starter" plan, or
- 1 month of hosting free if you start with the "Professional" plan

To get your WordPress site hosted at Synthesis with this StudioPress Deal price, you MUST first click the link below:


After you click that link, you’ll see our Plans and Pricing page with a special message. You can then check out the rest of the site, and still get the special deal when you head back to checkout.

This offer is for new Synthesis customers only, through Friday, May 24, 2013 at 5pm pacific. You'll be asked for your PayPal or credit card info at sign up, but you won't be charged until after the free trial period ends.

_________________________
Nick Ciske
@nciske



On Monday, May 13, 2013 12:55:21 PM UTC-5, Nick Ciske wrote:


For managed WP hosting, I recommend Web Synthesis. They offer the flexibility of a VPS with the security of a managed solution. Best of both worlds in my opinion. Never had a site hacked here.

relish27

unread,
Jun 12, 2013, 9:27:17 AM6/12/13
to mpls-stpau...@googlegroups.com
Thought I'd mention that I did move a site to WP Engine last week and, thus far, I've found it to be really nice.  They provide their own caching and the site is super fast.  Support, while no live chat available, is reasonably fast via phone.  

Nick, what restrictions did you find with them?  Like, at what point would you run into issues/limitations?  I was curious about your comment -- "... many sites run fine, but the minute you go outside their narrow niche, things go badly fast" -- as I'm considering posssibly moving others there, too. 

One last note about Page.ly -- I didn't realize this until I was leaving them, as I hadn't needed direct access to the database for this site before... but they don't let you see the database at all!  I found that a bit odd.

Nicholas Ciske

unread,
Jun 12, 2013, 10:55:10 AM6/12/13
to mpls-stpau...@googlegroups.com

First client needed additional DBs and SSH access. WP Engine offers neither. Off we went to Synthesis.

Second client was a blogger with very active comments and a multi year history.

Migrating her site in was a challenge -- she hired their recommended service, "WebSite Movers" who had very poor service and it ended up costing far more than the original estimate.

Then we had to disable a handful of "disallowed" plugins. Site still had downtime issues -- so we'd gained nothing and lost  a lot of control. The issue? She had a massive comments table -- you’d think WPE would be able to handle that... but it became such an issue I moved her to Synthesis.

WPE's built in caching is nice, until you realize they cache one copy for all user agents. So media queries & ajax are your only options -- you can't do any browser or device sniffing to add/remove content from the page (some would say that's not best practice, but serving unneeded content and images to mobile is not a great idea either). Since the site was built that way, WPE essentially broke the mobile version and required me to rewrite parts of it. Synthesis uses W3TotalCache -- which allows you to configure caching for your site vs a global config.

So, for a plain vanilla install without a massive comments table, WPE will work great. But so will Synthesis. And so will a lot of other hosts.

Since Synthesis is similarly priced and has the flexibility for future expansion (e.g. no migration needed if you hit a wall at WPE) it's become my preferred WP optimized host.

_________________________
Nick Ciske
@nciske


Courtney Remes

unread,
Jun 12, 2013, 11:39:26 AM6/12/13
to mpls-stpau...@googlegroups.com
Thanks, Nick.  This is helpful.


- Courtney


--
You received this message because you are subscribed to the Google Groups "Minneapolis St. Paul WordPress User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mpls-stpaul-word...@googlegroups.com.
To post to this group, send email to mpls-stpau...@googlegroups.com.

Becky Caneday

unread,
Aug 8, 2013, 12:09:00 AM8/8/13
to Minneapolis St. Paul WordPress User Group
Any experience with Site5?

~ Becky

 


--

Nicholas Ciske

unread,
Aug 8, 2013, 10:37:29 AM8/8/13
to mpls-stpau...@googlegroups.com
Not personally, but iThemes seems to like them:

_________________________
Nick Ciske
@nciske


On Aug 7, 2013, at 11:09 PM, Becky Caneday wrote:

Any experience with Site5?

barbara schendel

unread,
Aug 8, 2013, 8:56:57 PM8/8/13
to mpls-stpau...@googlegroups.com
I have been aggressively looking for new hosting lately, since I'm pretty frustrated with Bluehost, so I decided I'd be a guinea pig for you, Becky. :)

I signed up for the free trial of the shared hosting "hostpro + turbo" plan. 

So far, I love it.

Here is what I liked:
price vs features with reported 99.9% uptime. (who knows if that's really true, that's what bluehost says too, but we'll see)
multiple cpanel accounts, to keep clients cpanels separate from mine
the fact that it HAS cpanel (looked at several cloud hosting options like digital ocean which are mostly command line, which I'm not comfortable with)
1-click WP install that lets me name the database it auto-creates [so that I don't end up with a zillion databases with names like "Word12" like with bluehost installer]
After installing, it emails me a complete report including database name, pw and admin pw. Good to keep for my records
The only plugins it offered to install for me was "limit login attempts" -- an actual useful plugin that people might actually want! NOT all the paid plugins that bluehost tries to dupe me into signing up for.

only thing I didn't like so far was that the 1-click installer didn't actually give me the option to use my own database. maybe I just missed it but I didn't see an option for that.

Can't really speak to anything else yet because I have only used it for like an hour. But so far, I like it!!

Thanks for bringing it up Becky!

-barbara-

Peter

unread,
Aug 9, 2013, 12:56:20 AM8/9/13
to mpls-stpau...@googlegroups.com
Bluehosts is owned like many of the major ones by Endurance
International Group...
https://en.wikipedia.org/wiki/Endurance_International_Group

Site5 was recently sold in 2007
https://www.site5.com/about/management/ but isnt owned yet or run by a
big wall street hedge fund like many others in the hosting scene.
Reply all
Reply to author
Forward
0 new messages