Let me begin this post by saying the following: I still don’t know if I’ve found a proper home for my web site yet. The server that’s serving up this page might not be my permanent home. This article is more or less to guide you through various options with some real (unpaid, unaffiliated) first hand experience. I won’t be recommending any hosting providers here, but rather sharing my experiences with various web hosts. You won’t find any affiliate links here.
I’ve been developing web sites for many years, since about 1998. Back in those days, it was good enough to use a free service like Geocities or Angelfire for your web site, unless you were a major company. I didn’t start developing web sites professionally until 2001, when I was fortunate enough that my first paying client happened to run a web hosting company, and as a bonus to my (very cheap for the time) work, I received free hosting. I was able to get by on this for many years, often without even having a proper domain name.
Toward the late 2000’s, I decided it was time to get a legitimate paid web host. At that time, the most solid offering for the money was HostGator, who had really cheap “unlimited” plans, and on the surface, looked like an amazing deal.
I started out on HostGator’s highest tier shared hosting plan, since even that option was dirt cheap, and I had the intention of running several web sites from one account, as I often do. In the beginning, everything seemed to be great. The server performed well enough for my tastes, so I was happy. In fact, I managed to go several years without any issues, particularly since most of my sites weren’t particularly high traffic, save for my blog that generated a few thousand visits per day. This was when HostGator started to be a problem… the moment my sites started getting more than 5 or 6 unique visitors in a day.
The first problem popped up when a particular blog post went semi-viral. It was a rather large post, with many images, and the sudden influx of visitors triggered a phone call from HostGator. “We’re shutting you down” they said. Only temporarily, but it was an annoyance none the less. “But I paid for unlimited everything!” I said. There’s fine print in everything, and this is the first lesson learned. There is no such thing as unlimited in web hosting. HostGator admins did something to my WordPress blog, just that one page, but that one page never worked again.
Over the years, I stayed with HostGator, treating it as an isolated incident in an otherwise enjoyable experience in the world of hosting. I even managed to have several other blog posts go viral, being featured on major sites like Consumerist.org. No more issues this time around, so I thought I was in the clear. Then, reality hit.
One day, my checking account was hit with a huge charge from HostGator, near $1,000. As it turned out, there was a glitch in their billing system that caused it to believe I had never paid any of my invoices since the day I first signed up, so it went to collect all the back pay. After a mild heart attack, and the better part of an afternoon on the phone with support, I had my refund, but it certainly was an unexpected thing, and not one bit of fun to deal with, no matter how friendly or helpful the support representatives were.
Then, one day, HostGator was absorbed by another major company, EIG. EIG is notorious for acquiring good hosts and turning them bad (more on that later). Still, I stayed. That’s when the real problems started.
Repeatedly, my monthly invoice kept going up in price, without any notice or consent from me. The servers got slower and slower, making my sites inaccessible unless you possessed a great deal of patience. I got over billed again due to another invoice system glitch, this time for a couple thousand dollars. Support became more and more difficult to reach, and to solve problems. Then, one day, the worst happened. My account was hacked.
How could this happen to me? I exercise proper computer security. I use unique passwords for everything (randomly generated, thanks to LastPass). HostGator never emailed me to confirm the change of password the hacker made, or the change of the primary email address on the account. The hacker was able to charge over $3,000 in VPS services to my debit card, without even requiring re-authorization or the CVV2 number from the card. I found out about it rather quickly, since my bank noticed the unusual charge and called me to verify. It took 3 days of dealing with support to get the situation resolved.
HostGator assured me that they couldn’t be at fault for the security breach, that my password must have been key logged, or involved in a breach elsewhere (despite using different passwords for everything, and never actually typing any password, anywhere, ever). I finally decided that I had enough and decided to leave HostGator after a decade. I needed to act quickly, and didn’t know where I was moving to, so I decided to just use my local development server short term until I found a new home for my sites. As it turns out, you cannot simply cancel your account through HostGator via your customer management page, you have to actually contact support. Support was, as usual, useless in this regard, and ended up in me just terminating my payment agreement via PayPal. When I went to get the domain transfer authorization code to migrate my domain name away from HostGator, the page wouldn’t display the code, and instead told me it would email me the code. Sure, no problem I said, clicking the button. What I received in my email seconds later was not a transfer authorization code, but rather my main account password, in plain text.
In plain text. That means that HostGator either saves password in plain text, or uses a reversible encryption algorithm for storing passwords, both of which are scary possibilities. HostGator, take note. You need to salt your hashes. Not that it would really make much difference, since a HostGator employee was arrested for rooting and installing backdoors into 2700 of their servers. But yeah, it was my fault my account got hacked.
Still not convinced? Take the time to read this very interesting Reddit post reviewing HostGator from the perspective of one of its own employees. After reading this, and knowing full well how the company treats its customers and employees, I will absolutely not be supporting them ever again.
Ah, yes, GoDaddy. Probably the most well known web host in the world due to their marketing. Being well known does not make them a good host, however.
I won’t hate on GoDaddy too much. I have a fair amount of experience with them, and in their defense, their customer support has always been helpful, prompt, and courteous. Customer service, in my opinion, has never been the weak link in the GoDaddy chain. The problem with GoDaddy is their constant upsells and server performance.
The constant attempts at upselling I can forgive. They’re a company out to make money, so why not? What I can’t forgive is shared hosting companies that overload their servers, which basically all of the big ones (especially EIG companies) tend to do. Where a typical, responsible host, would put a few dozen customers on a single server sharing resources, companies like GoDaddy and HostGator will put hundreds, if not thousands of customers on a single server. What results is unreliable uptime, and slow performance. This even proved to be the case for GoDaddy’s managed WordPress hosting service, which I had a client use once. After a couple of hours of wrestling with it, I simply recommended he move to another host and get his money back from GoDaddy. Managed WordPress hosting is supposed to be optimized for WordPress, and very fast. GoDaddy’s service was anything but that, often performing on par with or worse than its cheapest shared hosting options.
At this time I cannot recommend GoDaddy for anything outside of domain registration, which I still don’t recommend due to additional fees for domain privacy. I still get driven near insane by the spam emails, calls, and texts trying to sell me web site design. Really guys? Did you even look at my site before you called? Talk about selling ice to an Eskimo.
Ah, yes, Media Temple. Oh, how the mighty have fallen. Media Temple was recently acquired by GoDaddy, and as such, their server performance in my (purely anecdotal) experience has taken a sharp dive. I have recommended MT to several clients in the past, and at the time, their managed WordPress server performance was one of the best I had worked with. Now, with no changes to those client sites (outside of core/plugin/theme updates), they have slowed to a crawl.
I can’t in good conscience recommend Media Temple to anyone now based on current performance as of this writing. They also happen to be rather pricey.
Let me begin by saying that Digital Ocean is not your typical web host. There is no traditional cPanel like you might be used to. DO provides VPS, or rather, virtual private servers. Basically, you are able to spin up a virtual machine on their servers that for all intents and purposes is like having your own private Linux server, with full root access. There are no arbitrary restrictions like you might find on shared hosts. You simply pay for the resources you need (CPU cores, RAM, SSD storage, bandwidth) and you’re off. The downside to this is that if you know nothing about Linux server administration from the command line, you’re boned. You are responsible for everything on the system, from initial configuration of needed services (like the LAMP stack, SSH, etc.) to maintenance and updates. You are completely responsible for all security aspects of the VPS.
Digital Ocean is more for the technically-inclined, although not all is lost. There are management services like ServerPilot.io that make management easier, and the free plan might work well for most people, but you’ll be paying a monthly fee for that too if you want to view stats or add SSL to your site(s). Digital Ocean charges more for resources than its main competitor Linode, but works very well, and their customer service is beyond anything I have experienced with other hosts, and is extremely friendly, helpful, and fast. Performance, in my experience, is very good, although you truly get what you pay for with DO. If you’re only running one small site, there is no faster or cheaper option, even if it is considerably more DIY.
When it comes to Linode, everything I said about Digital Ocean is true, but with the exception of performance. I’ve read posts across the internet praising Linode for its VPS offerings, and as far as I know they were the first major VPS provider. It stands to reason that they would be the big dog in the VPS market.
My experience with Linode was not that great, to be honest. Support was reasonably quick in getting back to me when I had an issue, but performance was strange. I used ServerPilot to manage the VPS, just as I did with Digital Ocean, and my own local virtual machines, but for some reason the on-page performance of the web site I hosted there was very poor, and their network link (which would be their inbound gigabit connection) was painfully slow in migrating my site to the VPS, taking 30+ minutes to transfer a 200mb web site. Digital Ocean and shared hosting providers only took a couple of minutes for the same migration.
Honestly, I’m not sure what everybody sees in Linode, as I canceled my account with them inside of a few hours. Maybe the particular data center my VPS was located in was experiencing issues at the time, but it was not a good first impression.
So What Am I Using Now?
As of this moment, I am using the top tier shared hosting plan from VeeroTech, a small hosting company based out of North Carolina. It’s one of the 3 recommended US hosting providers listed in the sidebar at https://www.reddit.com/r/webhosting/, so I decided to give them a try. I would say I am reasonably pleased thus far, aside of a few issues like some of my older portfolio sites not loading their index properly, instead generating an error page (but yet I can access the pages directly and they work fine), as well as a redirect I created and then deleted not going away, rendering one of my internal sites inaccessible for the time being. I also don’t seem to be able to apply Let’s Encrypt SSL certificates to subdomains. InfiniteWordpress backups also appear to fail on my 3 main sites, but work fine on the smaller sites. UpdraftPlus backups seem to work fine, and back up to my Dropbox without any issues, and without bogging down server resources as much.
These are minor issues, but issues none the less. I will be sure to add more to this page as I move forward. I might end up just self-hosting at home again, but who knows. Hopefully this helps you avoid some mistakes when selecting a web host.
UPDATE 4/12/2017, 5:16PM
Buh bye, VeeroTech. I wasn’t very impressed with how they handled my support ticket at all. Support staff was dismissive of a major problem. It also turns out that I was mistaken about their WordPress hosting being managed hosting. It’s simply a deliberately hamstringed plan with WordPress pre-installed, but the services are basically the same… except you can only have one site, for roughly the same price as shared hosting with unlimited* (remember what we talked about?) sites.
So, for now, I’m back on my home server, and under the Cloudflare umbrella. It’s cozy here, I think I might stay a while longer.