My Web hosting space with a major Web host does not

Hello,

My Web hosting space with a major Web host does not separate out my Web sites in a shared hosting environment. In a previous post I read that this is important in case of a crash so that all site in a shared environment are not taken down as well.

Would you be able to please clarify?

Kind regards,
Mike

  • Adam Czajczyk

    Hey Mike,

    I hope you're well today and thank you for your question!

    I went through your other threads and I believe you're referring to a WP Multisite install (as mentioned here: https://premium.wpmudev.org/forums/topic/there-can-multisite-let-me-install-wp-but-then-have.

    Let me then elaborate a bit on this :slight_smile:

    From the visitors (that's not an admin or a logged-in user) there's really no difference between multiple single-site WordPress installs and one Multisite install. A site is a site and that's what visitors see.

    From the Multisite (i'll refer to it as a "network" from now on) WP admin point of view the difference is huge. You are able to manage all the sites from a central dashboard, you've got control over users and their actions. You can create and manage various "relationships" between sites/users easily.

    Managing a network of sites instead of multiple separate sites is just easier in many cases, especially if you've got a lot of sites.

    From the technical point of view, there's another big difference. While multiple separate sites are just separate and independent WP installs (thus, can be spread over multiple, separate servers or hosting accounts), the network is actually one WordPress and although it can be accessed via multiple domains (so you get one site under a.com domain, another under b.com domains and so on) the sites are still using one, single "engine".

    This means that all those sites are installed on a single server and you cannot easily spread them across multiple servers.

    So, there's a chance that if one site gets hacked other will break as well. It's not a rule of the thumb though. That being said, both solutions (Multisite and multiple single sites) have their pros and cons. It's always up to site's admin whether those cons constitute an acceptable risk or not and whether there's more or less pros than cons.

    Going back to "sites separation in a shared hosting environment": the issue here is how the shared hosting environment work. Three most popular hosting solutions are:

    1. Dedicated server
    2. VPS (Virtual Private Server)
    3. Shared hosting

    Let me briefly explain each one then.

    1. Dedicated server: this is probably the safest solution of these three. You get your own, physically existing machine and nobody else is using it. There'll always be your sites only and you've got a full control over the server's setup.

    2. VPS is almost like a Dedicated server but it's based upon the Virtualization Technology (http://en.wikipedia.org/wiki/Virtualization). So, there's a single machine with a virtualization software running on it that creates a few "virtual servers" that are separated from one another. You've got control over your VPS and nobody else is using it, however the physical environment is common for a few servers.

    3. Shared hosting is different. It's a machine that doesn't use virtualization. Imagine an office locker with a few shelves and a few doors. Each employee has his own key to one door, giving him access to one shelf. Still though, this is just one locker and shelves are not separated by anything other than a thin plastic wall. It's extremely easy to just push that wall and get access to another shelf.

    That being said, the only way to truly separate sites would be to spread them across multiple servers (if those would be shared hosting accounts, you should make sure that each account is on separate machine).

    However, as I mentioned before, those are just typical pros and cons and the only way to find a reasonable solution is to consider them in reference to the particular case and your needs.

    I hope that helps and if you have any further questions, don't hesitate to ask. I'll be glad to assist!

    Cheers,
    Adam

  • Michael

    Hi Adam,

    Thank you very much, I do appreciate all the detail above.

    Would you be able to advise what I should do with the hosting plan below to best run & secure WordPress?

    Currently I have a Deluxe Hosting plan set up here:
    http://addtocart.uworlds.net/hosting/web-hosting_4.aspx?ci=83725&prog_id=uworlds&pl_id=478817
    http://addtocart.uworlds.net/hosting/web-hosting_4.aspx?ci=83725&prog_id=uworlds&pl_id=478817

    I have heard from their support on what this entails:
    "There isn't a wordpress firewall, usually you would want to use a plugin like wordfence. For the malware scan you would want to get our sitelock product. This will allow you to get daily scans against the website and malware cleanup. Isolation on shared hosting isn't possible, since it's shared hosting, but you can get a dedicated IP address to not share the IP. That is done with a SSL CERTIFICATE".

    "Our network protection is in place to protect the network as a whole not individual websites. Sitelock is designed to scan your website for intrusions and malware that may be injected through vulnerabilities in your website. In order to truly protect your website we strongly recommend including a security system such as Sitelock to protect your site against malicious activity."

    Do you know if one Sitelock protect my entire hosting plan?
    Is WordFence on a per WordPress site basis, and if so what is the benefit?
    Does one SSL cover that entire hosting plan, and if so what is the benefit?

    I think I would prefer to not use Multisite from everything I have read, but ManageWP sounds like a good solution, and then I can get my plug-ins from WPMU ... but seems I still need to host somewhere so wondering how to get the most secure solution from my existing plan above (since I have already paid for it for a year in advance)?

    I really appreciate your help, and it is making a difference so that I can get the foundations of my WordPress future set up to the best of practice from day 1. Dedicated servers are out of my budget at the moment however (but I will move that way if you feel the case is strong enough if other measures aren't)?

    Many thanks,
    Michael

  • Adam Czajczyk

    Hey Michael,

    I hope you're having a great day!

    Just to make things clearer, I'd like to go by the points with my answer. I hope you don't mind that :slight_smile:

    1. Your hosting

    I've checked the description of your hosting plans but honestly there's not much to talk about. This is a standard shared-hosting solution so you don't really have much impact on how does the server work and/or how strong its security is. However, there are always a few things that can be done.

    First of all, after you install WordPress you could take care of file/folder access permissions. These can be setup via the file manager that's most likely added to the server's admin panel or via FTP. Files such as wp-config.php and .htaccess shouldn't be writable at all. WordPress folder shoudn't be also accessible by anyone (shoudn't have 777 permisions).

    You may want to take a look at this articles:

    http://codex.wordpress.org/Hardening_WordPress

    https://premium.wpmudev.org/blog/keeping-wordpress-secure-the-ultimate-guide/

    https://premium.wpmudev.org/blog/security-101/

    2.

    Isolation on shared hosting isn't possible, since it's shared hosting, but you can get a dedicated IP address to not share the IP. That is done with a SSL CERTIFICATE

    A dedicated IP wouldn't provide a full separation, actually. It will however partially separate your site(s) from 3rd-party sites residing inside the same shared environment. I agree with your hosting's tech support that implementing SSL Certification would be good for security and it does require you to buy a dedicated IP.

    It's also great for one more reason: as you may know, Google (and probably Bing will follow this way soon) now prefers "secure sites" (those SSL protected) over "non-secured sites". They officially claim that such sites would be ranked higher in search results.

    3.

    Do you know if one Sitelock protect my entire hosting plan?
    Is WordFence on a per WordPress site basis, and if so what is the benefit?
    Does one SSL cover that entire hosting plan, and if so what is the benefit?

    I've heard much good about Sitelock but personally I haven't had a chance to use it yet. From what I can understand from their product pages their protection work, let's say, "in between" the user and the server. So, the traffic flow should be like this:

    Browser -> Sitelock -> your server -> your site

    This should give you a fairly efficient protection.

    As for Wordfence. This is on "per site" basis, however I can tell from my own experience that it provides you with a fairly high level of protection, including among other things:

    - firewall
    - IP scanning/blocking/locking
    - password control/hardening

    As for SSL, I guess I've already shown you benefits. One more thing to add would be that SSL Certificates usually doesn't work on a per-server basis. Given that, for every website (or a domain) you wan't to protect, you need to install a separate SSL Certificate (and this equals a separate dedicated IPs for those domains).

    4. "I think I would prefer to not use Multisite from everything I have read, but ManageWP sounds like a good solution, and then I can get my plug-ins from WPMU ... but seems I still need to host somewhere so wondering how to get the most secure solution from my existing plan above (since I have already paid for it for a year in advance)?"

    Sure you may use separate single installs and manage those with ManageWP. As I said previously, it's up to you to consider all the pros and cons :slight_smile: I think spreading those websites across various different dedicated IPs with SSL Certifications and protecting them by:

    - following the guide I gave you at the beginning of this post
    - using WordFence (and Sitelock)

    should result in quite a high security level. Actually, I can tell from my own experience that most of the sites aren't protected that good.

    As for WPMU plugins, please note that though we do have plugins for both Multisite and Single WordPress installs, a good amount of them works only (or better) in a Multisite Environment. Still, you will find here a lot of handy and efficient plugins also for your single site installs :slight_smile:

    5.

    Dedicated servers are out of my budget at the moment however (but I will move that way if you feel the case is strong enough if other measures aren't)?

    In this case I wouldn't go for a dedicated server right from the start. You can always move your setup and it's not that difficult as it may seem. Also, using a dedicated server requires a great amount of knowledge on server's administration. That said, it sometimes turns out that it doesn't give you that much security as shared hosting or it does but it costs you a lot more money (e.g. hiring a professional administrator) and/or time (if you manage it yourself).

    I hope that helps!

    Cheers,
    Adam

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.