Why shared hosting is insecure and bad for your business

Shared hosting; cheap, accessible, and ‘safe’. That last one is debatable. Shared hosting is what many people use to host their websites on and make it availability to everyone to view worldwide. But, is saving a few extra bucks worth it? Well, if you have a blog and don’t store actual data, then yes. I recommend shared hosting 100%. But, if you have anymore than that. Stop what you’re doing, grab your cup of coffee, keep reading then freak out.

Shared hosting is something I’ve done a lot of research on in terms of security. Sure, the servers can be secure, your site can be secure (in a way) but do you know how many other sites you’re sharing your server with? If you go onto your Pyramid Security dashboard and are on a shared hosting plan, the vulnerabilities tab will give you every single site that you share the servers with.

So, why does this matter? It matters because a hacker can easily gain access to the site that is the least secured and eventually, that means your servers are hacked. When your servers are hacked the attacker can then place backdoors and even gain access to your information. This is all too common as well. To sum up this point, if an attacker hacks a website that you share a server with (shared hosting) your site also has a high chance of being compromised since your server is as well.

Okay, but again, you think your site is safe, right? What if one of those other companies sites gets hacked? And the attacker broke into the server, that hacker can change multiple different configuration files and take any site he/she wants. Shared hosting is a great cheap option, but they can be extremely insecure. Any hosting company that says they are 100% secure on their shared hosting, I would walk away from. Nothing is 100% secure… yet. Probably not ever actually.

Another issue I have seen with shared hosting is a DDoS/DoS attack. A Distributed Denial of Service attack is when an attacker floods a websites server with a ton of fake traffic resulting in the site and the server to go offline. When you are offline you loose customers and money. Let’s say that you are sharing a server with a hundred other websites, one of those websites is currently under a denial of service attack. Even though your website wasn’t the main target, you are on the same server, the same IP, and chances are your site better gear up because it will go offline.

Now, don’t let this discourage you. Shared hosting is really good for blogs and the like, but if you were to host your companies website on it, the one where you store valuable data from your customers, I would look into something a little more secure than sharing a site with someone, I always recommend a VPS (virtual private server) or of course just hosting your own server for maximum security.

If your on a shared hosting plan and you want to see all of the sites that you share with, simply go to your dashboard at pyramidsec.io and run a scan on your website. In the very first module under “Vulnerabilities” when the scan is complete, you will be able to see them all. It might actually surprise you with how many other sites are on your server, and just how insecure those other sites may be.