E-Commerce Hosting - What to Look for When Choosing a Host

February 22, 2023

Looking for some decent e-commerce hosting? It's a minefield out there - here's what to look for.

Uptime guarantees

Time is money! And downtime is loss of money. If your shop isn't available, your conversion rate is going to be zero.

Most hosting providers have some form of uptime guarantee; some offer 100% uptime, and if they miss it you receive some amount of your charges back. In reality, any money a hosting firm gives you back for downtime will pale into insignificance when compared to the money you lose from lost custom, so go with a provider that can show a track record of near 100% uptime.

Shared vs. Dedicated

For maximum performance and stability, not to mention PCI compliance, you can't share your server with other people.

That means you need a dedicated server.

Cloud servers are a bit of a grey area: they behave like dedicated servers, but you're actually sharing the hardware with other users. You can use these for your front-end shop but not for card processing. You'll need a dedicated server for that.

However, if you're using PayPal, SagePay or another payment gateway and you are utilising an off-site payment page, then using cloud servers for your e-commerce site isn't a problem.

Cloud vs Physical

This takes us to our next question... For your shopping cart and website, you need to choose between cloud and physical servers.

Cloud servers are great because you pay by the hour and can up-scale or down-scale as needed. In most cases they are cheaper than having a dedicated physical server.

They may be slightly less powerful than a dedicated physical server but the difference is minimal and you will more than likely have other bottlenecks.

However, if you do want the extra power or if you need to process card details yourself, you'll need a dedicated physical server.

Server Backups

These are sometimes provided as standard. Otherwise you may need to ask for them or even install your own backup client, such as JungleDisk.

Either way, make sure you have some backups set up to avoid disasters.

To ensure you have a usable backup, perform database exports on a regular basis. This is because normal file system backups may capture your MySQL database in an unstable state.

Make sure you test your backups regularly. You don't want to find yourself in a situation where you think you're completely backed up, but when you need to restore from a backup, it fails.
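
One way to script the database export and a first check on it, as an added example that is not from the original post: `backup_db`, `verify_dump` and `demo` are hypothetical helper names, and the script assumes `mysqldump` credentials in `~/.my.cnf`, InnoDB tables and mysqldump's default comments.

```shell
#!/bin/sh
# verify_dump FILE.sql.gz: 0 only if the archive is intact and the dump finished.
# Assumes mysqldump ran with its default comments (no --skip-comments/--compact).
verify_dump() {
    f=$1
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    # The gzip stream must be intact (catches a copy or upload cut short).
    gzip -t < "$f" 2>/dev/null || { echo "corrupt gzip: $f" >&2; return 2; }
    # mysqldump ends a successful run with a "-- Dump completed" comment.
    gzip -dc < "$f" | tail -n 1 | grep -q '^-- Dump completed' \
        || { echo "dump did not finish: $f" >&2; return 3; }
    # A dump with no table definitions is not a usable shop backup.
    gzip -dc < "$f" | grep -q '^CREATE TABLE' \
        || { echo "no tables in dump: $f" >&2; return 4; }
}

# backup_db DBNAME DESTDIR: export, compress, verify, then publish the dump.
# Assumes credentials in ~/.my.cnf and InnoDB tables, so --single-transaction
# takes a consistent snapshot without locking the shop.
backup_db() {
    db=$1; dest=$2
    final="$dest/$db-$(date +%Y%m%d-%H%M%S).sql.gz"
    tmp="$dest/.partial-$db.sql"
    mysqldump --single-transaction --routines "$db" > "$tmp" && gzip -f "$tmp" \
        || { rm -f "$tmp" "$tmp.gz"; return 1; }
    verify_dump "$tmp.gz" || { rm -f "$tmp.gz"; return 1; }
    mv "$tmp.gz" "$final" && echo "$final"
}

# Constructed sample data: one complete dump and one cut off mid-write.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'CREATE TABLE `orders` (id INT);' \
        'INSERT INTO `orders` VALUES (1);' \
        '-- Dump completed on 2023-02-22  3:00:01' | gzip -c > "$d/good.sql.gz"
    printf '%s\n' 'CREATE TABLE `orders` (id INT);' \
        'INSERT INTO `orders` VALUES (1' | gzip -c > "$d/cut.sql.gz"
    good=0; verify_dump "$d/good.sql.gz" || good=$?
    cut=0; verify_dump "$d/cut.sql.gz" 2>/dev/null || cut=$?
    rm -rf "$d"
    echo "$good $cut"
}

demo   # prints "0 3"
```

A passing check only shows that the export finished and arrived intact; restoring a dump into a scratch database is still the test that proves it is usable.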

A Control Panel

If you are a sysadmin or otherwise comfortable with shell access, you may not require a control panel like Plesk or Webmin, but these control panels can usually help with setting up your server configuration and performing tasks like SSL certificate installs.

Two-factor authentication

Two-factor authentication is a requirement of PCI DSS. It typically means that to authenticate you need:

  • "Something you know" is a knowledge-based identifier, most commonly represented as a password or passphrase.
  • "Something you have" is most commonly represented as a token or smart card based identifier.

It's quite hard to grasp what the scope of this is within PCI. Ostensibly it's any connection or access that crosses public networks, which means your server connections. See what two-factor authentication options your host offers.

Physical Security

You also need to consider physical access to your host's datacentre.

Ideally your hosting provider will be PCI DSS certified to Level 1 as a Service Provider. The scope of this accreditation should cover the following:

  • Data centres
  • Hosting provider offices
  • Network infrastructure (routers and switches)
  • Employee access to network devices

This reduces the burden on you during a PCI audit. If you use a provider that is not certified, you will need to somehow prove that your servers are physically secure.

24x7x365 Support

The bigger companies now offer round-the-clock support all year round, which is essential for getting help in those tricky server moments.

This may not seem important until your servers go down late one evening - then you want to be able to get through to a representative right away.

What would be on your list?

I'd be interested to know - you can email hello@wemakewebsites.com to find out more.
