Secure web hosting comparison
A comparison chart of all the security features of the most important hosting companies.
Note: The data in the table is taken from live chats we had with each of the listed hosters. We polled them about every feature and then listed them here.
Serious Lacking - OK
All of the hosting companies advertise SSL as included in the package. Note: This is not true. In our chats with the hosters we have found out that
in order to have SSL enabled you need to first purchase a dedicated IP address ($30) and then a certificate ($45). Hence SSL is NOT included as they advertise. In our comparison table we put "Avail." where the above applies.
Godaddy offers real included SSL certificate for the Ultimate plan.
* Hostgator offers shared SSL for ecommerce included in the price and dedicated SSL for the Business plan ($12/mo).
In the chats with the hosters, all of them responded Yes to the question "Do you provide Anti-DoS protection?". Note: all of these companies have an Anti-DoS solution for their servers. This doesn't mean that you won't be hit by denial of service or that your account won't be suspended because your website is lagging the whole node because of the attacks. To the question "What countermeasure do you take if I am victim of a denial of service?" most of them responded saying that the account may be terminated or upgraded (at your expenses) to a dedicated plan if it causes connectivity problems to the other customers on the same node
A good Control panel is not only a convenience feature, but a must when choosing a secure shared hosting. In house/Custom control panels are not necessarily insecure. That's why we didn't treat custom control panels as a lacking security feature. cPanel and Plesk are standard and very secure control panelthat should be preferred.
While in need of a secure hosting solution, one should pay close attention to the type of support provided. There will be some point in time in which you will need your web server to be restored (because of an incident or a misconfiguration) and you want it to be done quickly.
Emergency ticketing and toll free are a must in this direction.
All the hosting companies advertise complete user accounts isolation. This means that userA cannot access files of userB on the same shared server.
This seems to be obvious although it isn't. PHP safe_mode is no longer supported by many hosting companies since will be removedwith PHP 6.0.
Windows shared hosting that provides user isolation and App pool isolation seems to be the best choice in this direction, since it provides the best real form isolation.
For corrections, suggestions and requests please comment below