Are you up to speed on best practices for choosing a web host? Our Chief Technical Officer, Brian Van De Wetering, shares lessons learned from the tech side of website development.
Staying current on best practices for choosing a web host for your new website is kind of a big deal. The choices you make upfront will affect your site speed, security, usability, SEO, and basically everything that keeps your brand online and in front of your customers. It’s important to consider all the pros and cons of each step, check reviews, and test before you jump into the game.
In this article, I’ll help you understand what type of web host is the right match for your project. I’ll also give you some tips on how to avoid common pitfalls.
This collection of frequently asked questions on best practices for choosing a web host is a living online resource. We’ve found the best questions and advice are usually in the comments, so please feel free to ask questions and share your experiences!
What is your vendor selection process for website development?
Our vendor selection process involves in-depth research to identify the top players in the market, reading independent reviews, and, wherever possible, getting first-hand information from actual customers. We also make our decisions based on an agency perspective, managing multiple websites. Small issues for a single site may seem insignificant, but when applied to many domains, the difference can be exponential. When reviewing our list of best practices for choosing a web host, keep in mind that we tend to choose the path of least resistance for everyone.
Generally speaking, hosting plans are inexpensive enough that it makes sense to do a test run with a low-criticality site. All the reviews and marketing hype won’t really tell you what it’s like to work with a vendor. When I was working in the enterprise world where vendor contracts were in the six and seven figures, I would always ask for a free evaluation account or project, i.e. a test drive. Most vendors at that level were willing and had mechanisms in place to accommodate that. Go with the vendors who offer free test drives so you really know what you’re getting.
Hosting: Acquia vs. WP Engine vs. Pantheon
Acquia is a Drupal-only host, whereas WP Engine is a WordPress-only host. These are sometimes called “managed” WordPress or Drupal platforms. Their technology stacks are tuned for the performance idiosyncrasies of those platforms, and they provide their own suite of site management tools for functions, such as backups, revision control, and separate development and QA environments. Other hosts, like GoDaddy, primarily offer space on a shared server with no site management support.
Pantheon supports both Drupal and WordPress. Initially, we tried hosting with Pantheon, but their bleeding-edge server architecture was incompatible with the WordPress theme we were using. Without getting too deep into technical details, we determined hosting with Pantheon would have required us to either customize the theme or file a request with the theme vendor to change their code, which would have caused unpredictable delays in the project timeline. Once you get past the initial code issues, there’s a good chance that the next plugin or theme could suffer from the same flaw. While Pantheon has the benefit of supporting both platforms, you will need to check compatibility with your preferred theme and plugins. Again – path of least resistance.
What are the benefits of using a full-service host like Acquia?
Developers who choose a full-service host like Acquia benefit from site management and development tools and the host’s commitment to proper IT governance practices. Acquia provides three programming environments for each site: development, testing, and production. Since these functions are part of the Acquia package, developers don’t need to use external resources. Additionally, they provide state-of-the-art revision control built into their platform with easy drag-and-drop tools for managing those environments. They also allow us to create multiple users with granular access control, which allows you to give different developers access to different sites and functions. This means when a developer leaves, you can just disable their account instead of changing passwords for multiple accounts.
WP Engine provides similar functionality for managing multiple programming environments and granular access control for multiple users.
What are the most important checkpoints on website security?
When considering best practices for choosing a web host, don’t forget about security. Security should be a concern for everyone, not just enterprise-level clients. However, most of our clients don’t have an enterprise-level security budget. The cost of the lock should be proportional to the value of the contents of the room, so it’s important to look closely at a host provider’s commitment to security.
Short of a headline worthy breach, it’s nearly impossible to directly evaluate a host provider’s security practices. We look at what third-party certifications they maintain, paying particular attention to certifications that require an outside audit or penetration test. Some certifications to look for are SOC 1 and SOC 2, ISO 27001, PCI-DSS (Payment Card Industry Data Security Standards).
PCI compliance can be harder to evaluate. WPEngine claims compliance by not allowing credit cards to be stored or transmitted on its hosts. On the other hand, Acquia provides fully PCI compliant hosts. This extra level of security comes at a slightly higher cost than the bargain basement hosts, but not nearly the costs of a full enterprise solution. Even if a client is not doing any eCommerce, a hacked site can trash SEO and damage a company’s reputation if the site gets flagged by Google as containing malware.
Most security vulnerabilities reside in outdated plugins, CMS core files, and themes, meaning it’s crucial to keep them updated with the latest security patches. These full-service hosts make it easier to do that with robust backup functionality and non-production environments for testing.
Traffic Considerations: Are some host providers more scalable than others?
Don’t believe a host provider that promotes unlimited bandwidth. There is no such thing. Instead, look at how the host handles overages. When your monthly bandwidth allotment is consumed, two things may occur: your site is taken down until the end of the month, when bandwidth refreshes, or your site stays up and your host charges overage fees by the megabyte. The first can cause you to lose significant revenue; the second can bleed your budget in overage fees. It’s important to look at how your host counts traffic and the mechanisms they provide for temporarily increasing capacity.
Got tech questions on website development and eCommerce?
In my 30+ years of software and web development, I’ve learned a few digital life hacks along the way. This article is the beginning of a blog series to help you master the tech side of digital marketing. Each article will be updated with answers to questions we receive from clients and readers.
