Hosting your website on a safe and trustworthy hosting company is essential.

You need a hosting provider that offers excellent reliability, security and support.

But who can you trust with your self-hosted WordPress blog?

There’s been a lot of discussion regarding recent hacker attacks and hosting providers. And many people ask me what I look for in a hosting company, so I thought I would share a few tips with you.

When searching for a safe web host, the first 10 things I look for are:

1. 24/7 Technical Telephone Support - In a crisis I don’t want to wait for a response from an email or wait until their open tomorrow to call. And I want them to be friendly and helpful, don’t give me the ol’ “We don’t provide that type of support here” or “You need to go search our help section” for simple questions.
2. Daily (or weekly) Backups - If my database or website gets corrupted I need a reliable backup if mine fails.
3. Website Restoration - God forbid my website gets hacked, I want to know that my hosting company has my back and will restore my site.
4. 24/7 Security Monitoring - Someone better be monitoring my site’s server for any attacks or issues.
5. Updated Applications - I want all the latest secure versions of Apache, PHP, MySQL, etc. on the server. And I want them to provide proof. Show me!
6. Timely Security Updates - My host needs to keep up with application/software security updates. So I ask how often they update. Just like it’s my job is to keep my WordPress site updated and my computer safe with Windows updates, virus scans, firewalls, etc.
7. SFTP (SSH File Transfer Protocol) and SSH (Secure Shell) - I will not use a host that does not allow me to encrypt my file uploads.
8. SUPHP Installed - If a host says no, I run the other direction. I will NOT set any server permission to CHMOD 0777.
9. Positive Customer Reviews - I search the Internet, ask on Twitter and Facebook, and read customer reviews/testimonials.
10. No Hidden Files - When I use my file manager in the cPanel or look via SFTP, I want to be able to see all my files, including .htaccess and php.ini.

Oh, and one last tip… Call the technical support line and see how long their “hold time” is. When the auto-attendant says, “You are caller #64 and your hold time is 32 minutes,” run the other direction. (Hmmm, does that mean they estimate 30 seconds  to answer everyone’s question?)

Another question I get a lot is “Who do you host with?” The answer is: HostGator (my affiliate link). They cover all the tips I mentioned above.

Recommended WordPress Plugin for checking server vulnerabilities:

ServerBuddy tests the server’s configuration and checks for some vulnerabilities and compatibility issues with your WordPress, WordPress themes, plugins and more.

We’d love your feedback

Who do you trust with your website content? What do you look for in a host provider? Share your tips, hosting company reviews and ideas by leaving a comment below.

Securely yours,

Regina Smola
WordPress Security Specialist
Follow on Twitter @WPSecurityLock
Become a Facebook Fan

Related Posts:

• WordPress 3.0 Thelonious Security Features
• WordPress Security Tip – How to Protect the wp-config.php File
• May Day Mayday! “The Hacked” And “The Hacked-Nots”
• How to Upgrade from PHP 4.x to PHP 5.x at Go Daddy
• WordPress Security Radio Interview at Night Cap

—>

In light of the recent (and semmingly eternal) attacks on Godaddy hosting, these tips for secure web hosting are very timely…and a nice tip on the ServerBuddy WP plug-in, too.