The Dangers Of Using Shared Hosting And How To Prevent Them

Are you worried that your shared hosting plan could get hacked, destroying your WordPress site and online business?

If you are a small business, freelancer or just starting out online, chances are your website will be on a shared hosting platform.

Shared hosting is popular because it’s cheap, making it ideal for small websites that don’t need huge server resources.

But there are risks to having your website on a shared hosting environment.

What Is Shared Hosting

If you have a website, it needs to be accessible to the public and therefore it needs to sit on a public web server.

Not every website has thousands of pages and needs to handle logins, registrations and e-commerce, so different “sizes” of websites require different sized resources which is why hosting companies offer a suite of hosting plans, priced accordingly.

Also, not evert business, especially start-ups, can afford paying thousands of dollars every month for a private server.

Hence, shared hosting was born.

Shared hosting is where a single server (computer) is divided up, allocating accounts for website owners to host their website on.

In a shared hosting environment, a single server can host hundreds or even thousands of websites.

This is how hosting companies can offer shared hosting at very cheap prices, however, we have to ask the question – “How secure is shared hosting?”.

What’s the “price” of using shared hosting from a security point of view?

The 6 Dangers Of Shared Hosting

Think of an apartment block colmplex where you are renting out a single suite.

In this analogy, the apartment block is the shared hosting environment and your suite is your website.

An apartment block has many communal area such as stairways, hallways, car park, roof access etc.

If any one of the other suite owners left a door or window open, a theif could get access into the apartment block making it easier to make their way to your suite, testing the doors and windows to see if they can gain access.

Welcome to the dangers of using shared hosting.

Shared Hosting Danger 1 – The Shared Directory

Your WordPress website needs a directory for the files that make up the website; images, video, PHP, JavaScipt, CSS etc.

On dedicated hosting these files will be hosted in a directory on the server, isolated from other servers and websites.

However, on shared hosting there will be one server directory with multiple website directory files inside.

This means that all the websites on that server are intrinsically linked to each other through that common server directory.

If a hacker (bad actor), can gain access to that server directory, they could then get access to all the other websites on that server, including yours!

Shared Hosting Danger 2 – Shared IP Address

An IP address is a unique code assigned to a server allowing traffic to be sent and received over the internet.

Think of your house number and street address – same concept.

Because a server IP address is unique to that server, all the websites on a shared hosting account will share that same IP address.

This can cause issues on many fronts:

  • Google blacklisting an website on the same server – your site gets blacklisted
  • Attacks on a website on the same server – your site gets caught in the crossfire
  • Email from the same server gets spam blocked – you can’t send or receive email

Shared Hosting Danger 3 – Shared Database

Along with files that reside on the server, your WordPress website stores most of its content and settings in a database.

Similar to the shared server directory, many shared hosting plans use a single database for storing all these website database tables (WordPress Multisite).

The database server IP address (or host name), username, password and port number are all stored in plain-text in each WordPress site’s configuration file, wp-config.php.

If a hacker can gain access to just one website’s confiuration file on the shared server, they now have the login details for the database server where all the other websites on that server reside, including yours!

Shared Hosting Danger 4 – Slow Website Speed

Haivng hundreds even thousands of websites on a single server means that they are all competing for the same physical resources such as RAM, CPU and network bandwith.

If any one of those websites are running some scrips that take up huge amounts of server resources, then all the other websites on that server, including yours, will struggle to get the resources it needs to run properly.

This will decrease the speed, the response from the server, of your website and can have damaging results on your business and Google rankings.

Shared Hosting Danger 5 – DDoS Attacks

Distributed Denial of Service (DDoS) attacks are, unfortunately, commonplace nowadays.

Imagine a single bad actor controlling tens of thousands of hacked computers and IoT (Internet of Things) devices.

This is called a botnet.

Botnets can be instructed to ping a single website page over and over again, draining the resources of the server which is trying to keep up with the thousands of requests.

Eventually the server just slows down until it eventually crashes – this is a DDoS Attack.

Remember shared hosting danger 2, shared IP address?

If a bad actor is aiming a DDoS attack against any one of the hundreds of websites on a shared hosting server, your website is again going to be caught in the line of sight, unable to operate.

This could cost you trust from your customer base and thousands in lost revenue as well as your online reputation.

Shared Hosting Danger 6 – Dodgey Neighbours

Wherever you live, there’s always that one house on the block.

You know the one with the late night 3am mid-weerk parties, the constant shouting and arguing; the one the police car always seems to visit?

If you are on shared hosting, you have no idea what the other websites on that server are being used for.

Malware distribution, porn, phishing scams, something worse?

Any bad activity can draw the attention of blacklists, spam lists, DDoS attacks or police raids and confiscations.

Don’t let one bad actor ruin your online website and business.

How Can I Protect Myself?

The best way to protect yourself is to purchase a good quality hosting account.

Most hosting companies will offer dedicated or managed WordPress hosting where they spin up isolated virtual servers with all the resources dedicated just to your website.

In no particular order or preference, here are some website hosting companies I have worked with before that can offer this kind of service; Kinsta, WP Engine, Pagely, Wordify, Conetix, Siteground.

If you need help getting away from shared hosting, we are happy to help you approach one of our WordPress hosting partners.

Once your hosting is sorted out and secure, let us look after your WordPress website with one of our WordPress site care plans.

Posted in


Wil is a dad, consultant, developer, conference organiser, speaker and business mentor. He co-organizes the WordPress Sydney meetup group and has been on the organising committee for WordCamp Sydney since 2014. He speaks at many special events and contributes to the WordPress open source project. His likes are chillies, craft beer and electrogravitics.
Scroll to Top