Website security websites single server

Website security: Why you should NOT host your websites on a single server

Yes, you should never host more than one website on a single server if you’re concerned about website security. Let’s see why.

Previously, we discussed how you can take the first 3 steps to make your website safer. Now it’s time to admit we skipped over the actual first step: hosting your projects, whether they’re blogs, online shops or presentation pages, on different servers.

We did not consider how tempting an unlimited web hosting plan is for a new developer or an entrepreneur. You paid for the plan, it touts „Unlimited sites and domains”, so why not?

Well, it is one of the worst website security practices ever. If an attacker decides to go for a server where you host your website, he can gain acces to a single WordPress install (for example), one with 5 or 6 themes and maybe 30 plugins.

If all your projects are on that server, that same attacker can potentially compromise 2 WordPress installs, a Magento install, maybe a Joomla, plus ten themes or more, nevermind dozens of essential plugins.

When this happens, the infection on one website can easily spread, making the cleanup incredibly difficult and time consuming. By the time you clear one infected website, another can continue to spread the infection. This infection passes from one to the other in an apparently endless loop. Most people also use the same root for passwords, probably even you. You know it’s not good, we know it too, but we’re only human and can only remember so much, right?

Well, let’s say you manage to clear the infection from all your websites. Now, as standard security practice, you have to reset ALL of your passwords. From the CMS to the database and FTP users, on every website. Skip this step and all your projects are vulnerable once again.

Of course, if you’re an independent developer or work in a classic structure, a lot of websites you built are running on a single server. All of them have various CMSs and frameworks, some of them modern, some of them updated. What about that blog you did back in 2014, filled with custom plugins? Most of those plugins are outdated and pose a serious security risk.

Until you can move those websites to their own servers or you sign up for a cloud provider, we recommend installing a VM hypervisor. Then create a separate VM for each user, one that will rown its own webserver and database instance. See more details about this here.

Don’t ever forget that, with most unlimited plans, multiple domains are located in separate folders within the root directory of your hosting account. A hacker gets access to the account and gets access to all your sites. You can use strong passwords, you can have backups, but that’s not enough.

Most hackers do not want to just crash your website, unless you really pissed them off. They want to use your site to generate fake pages in order to scam search engines. Or they want to gather valuable data from your files and visitors. Your visitors are your clients so you must protect them. If this means spending 5-10 dollars more each month by getting a Virtual Private Server (VPS), do it! If you are concerned with website security, the risks far outweigh the benefits of hosting multiple sites on a single server.

But what how do you keep track of all those servers? We know you have to juggle so many projects, tasks, passwords and so on. That’s why we created ClusterCS, a modern control panel for servers. No matter where they’re located – in your spare room, at Amazon or Rackspace or Digital Ocean, you can manage them in a single interface.

ClusterCS allows you to manage them, offers automated installs, backups, monitoring and self-healing, and also offers the ability to install Let’s Encrypt SSL, for maximum security.

Try the free plan, discover the different feature tiers and scale up or down according to your needs. Simple, affordable, secure.