Looking for some decent e-commerce hosting? It's a minefield out there - here's what to look for.
Time is money! And downtime is loss of money. If your shop isn't available, your conversion rate is going to be zero.
Most hosting providers offer some form of uptime guarantee; some even promise 100% uptime, with a partial refund of your charges if they fall short. In reality, any money a hosting firm gives you back for downtime will pale into insignificance compared with the revenue you lose from lost custom, so go with a provider that can show a track record of near 100% uptime.
For maximum performance and stability, not to mention PCI compliance, you can't share your server with other people.
That means you need a dedicated server.
Cloud servers are a bit of a grey area: they behave like dedicated servers, but you're actually sharing the hardware with other users. You can use them for your front-end shop, but not for card processing; you'll need a dedicated server for that.
However, if you're using PayPal, SagePay or another payment gateway and you are utilising an off-site payment page, then using cloud servers for your e-commerce site isn't a problem.
This takes us to our next question: for your shopping cart and website, should you choose cloud or physical servers?
Cloud servers are great because you pay by the hour and can up-scale or down-scale as needed. In most cases they are cheaper than having a dedicated physical server.
They may be slightly less powerful than a dedicated physical server but the difference is minimal and you will more than likely have other bottlenecks.
However, if you do want the extra power or if you need to process card details yourself, you'll need a dedicated physical server.
Backups are sometimes provided as standard by the host; otherwise you may need to ask for them, or even install your own backup client, such as JungleDisk.
Either way, make sure you have some backups set up to avoid disasters.
To ensure you have a usable backup, perform database exports on a regular basis. A normal file-system backup may copy your MySQL data files while they are mid-write and capture the database in an inconsistent state, whereas a logical export gives you a consistent snapshot you can actually restore.
Make sure you test your backups regularly. You don't want to find yourself in a situation where you think you're completely backed up, but when you need to restore from a backup it fails.
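The two points above (take logical exports, and test that they restore) are worth seeing as a routine. The script below is an added example, not code from the original post: it takes a logical export, replays it into an empty scratch database and compares every table's row count and content checksum against the live source, so a truncated or partial export is caught before the day you depend on it. It assumes the standard-library sqlite3 module as an offline stand-in for MySQL and Connection.iterdump() as the stand-in for a mysqldump file; the table names and rows are constructed sample data.

```python
"""Backup verification harness: an added example, not code from the original post.

Assumptions: sqlite3 stands in for MySQL so the example runs offline, and
Connection.iterdump() stands in for a mysqldump file. The schema and rows
below are constructed sample data, not anyone's real shop.
"""
import hashlib
import sqlite3

SAMPLE_SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT NOT NULL);
CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, total_pence INTEGER);
"""


def build_sample_shop() -> sqlite3.Connection:
    """Create an in-memory shop database holding a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SCHEMA)
    conn.executemany("INSERT INTO customers VALUES (?, ?)",
                     [(1, "alice@example.com"), (2, "bob@example.com")])
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(10, 1, 4999), (11, 2, 1250), (12, 1, 300)])
    conn.commit()
    return conn


def logical_export(conn: sqlite3.Connection) -> str:
    """Produce a logical export (SQL statements), the analogue of a mysqldump file."""
    return "\n".join(conn.iterdump())


def restore_to_scratch(dump_sql: str) -> sqlite3.Connection:
    """Replay the export into a fresh, empty database, exactly as a restore would."""
    scratch = sqlite3.connect(":memory:")
    scratch.executescript(dump_sql)
    return scratch


def table_fingerprints(conn: sqlite3.Connection) -> dict:
    """Per table: (row count, order-independent SHA-256 over all rows)."""
    names = [row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")]
    fingerprints = {}
    for name in names:
        rows = conn.execute(f'SELECT * FROM "{name}"').fetchall()
        digest = hashlib.sha256()
        # Sort the encoded rows so the checksum does not depend on scan order.
        for encoded in sorted(repr(row) for row in rows):
            digest.update(encoded.encode("utf-8"))
        fingerprints[name] = (len(rows), digest.hexdigest())
    return fingerprints


def verify_backup(source: sqlite3.Connection, dump_sql: str) -> dict:
    """Restore the dump and report whether it reproduces the source exactly."""
    restored = restore_to_scratch(dump_sql)
    live, copy = table_fingerprints(source), table_fingerprints(restored)
    missing = sorted(set(live) - set(copy))
    mismatched = sorted(name for name in live
                        if name in copy and live[name] != copy[name])
    return {"ok": not missing and not mismatched,
            "missing": missing, "mismatched": mismatched}


if __name__ == "__main__":
    shop = build_sample_shop()
    dump = logical_export(shop)
    print("full export:", verify_backup(shop, dump))
    # Simulate an export that stopped partway: the orders rows never made it.
    partial = "\n".join(line for line in dump.splitlines()
                        if not line.startswith('INSERT INTO "orders"'))
    print("partial export:", verify_backup(shop, partial))
```

Against a real MySQL host the same shape applies: the export comes from mysqldump, the scratch database is a throwaway schema on a staging server, and the fingerprints are row counts and checksums taken from both sides; the point is that "ok" is only ever reported after a restore has actually run.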
If you are a sysadmin or comfortable with shell access, you may not require a control panel like Plesk or Webmin, but these control panels can help with setting up your server configuration and performing tasks like SSL certificate installs.
PCI DSS requires two-factor authentication, which typically means that to authenticate you need:
It's quite hard to pin down the scope of this requirement within PCI DSS; ostensibly it covers any connection or access that crosses public networks, which means your remote server connections. See what two-factor authentication options your host offers.
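To make the "something you have" factor concrete, here is an added example (not code from the original post) of the time-based one-time password scheme, RFC 6238 TOTP, that most hosts' two-factor options for SSH or control-panel logins are built on. The server and the admin's device share a secret; both derive a six-digit code from the current 30-second time step; the server accepts a code only for the current step or one step either side, to absorb clock drift, and refuses to accept a code at or below the last step it already accepted, so a captured code cannot be replayed. The 20-byte secret is the published RFC 4226/6238 test-vector key, not a real credential, and the function names are this example's own.

```python
"""TOTP second factor (RFC 6238): an added example, not code from the original post.

Assumptions: TEST_VECTOR_SECRET is the published RFC 4226/6238 test key, used
here only so the codes can be checked against the RFC tables; hotp/totp/
verify_totp are this example's own names, not any host's API.
"""
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30     # RFC 6238 time-step size
DIGITS = 6
TEST_VECTOR_SECRET = b"12345678901234567890"   # RFC test key, not a real secret


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second step."""
    return hotp(secret, at_time // STEP_SECONDS, digits)


def verify_totp(secret: bytes, submitted: str, at_time: int,
                window: int = 1, last_used_counter: int = -1):
    """Server-side check. Returns the time step the code matched, or None.

    Accepts the current step or up to `window` steps either side, skips any
    step at or below `last_used_counter` (replay protection: the caller stores
    the returned step), and uses compare_digest so the comparison time does not
    depend on which digits matched.
    """
    if not (submitted.isdigit() and len(submitted) == DIGITS):
        return None
    counter = at_time // STEP_SECONDS
    matched = None
    for drift in range(-window, window + 1):
        candidate = counter + drift
        if candidate < 0 or candidate <= last_used_counter:
            continue
        if hmac.compare_digest(hotp(secret, candidate), submitted):
            matched = candidate
    return matched


if __name__ == "__main__":
    now = int(time.time())
    code = totp(TEST_VECTOR_SECRET, now)
    print("code for the current step:", code)
    step = verify_totp(TEST_VECTOR_SECRET, code, now)
    print("accepted at step:", step)
    # A second submission of the same code, with the accepted step recorded, is refused.
    print("replay accepted?", verify_totp(TEST_VECTOR_SECRET, code, now, last_used_counter=step))
```

Two design points matter when judging a host's offering: the shared secret has to be stored as carefully as a password hash would be (it is a password-equivalent), and the acceptance window should stay small, since every extra step accepted multiplies an attacker's chance of guessing a six-digit code.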
You also need to consider physical access to your host datacentre.
Ideally your hosting provider will be PCI DSS certified to Level 1 as a Service Provider; the scope this accreditation should cover is the following:
This reduces the burden on you during a PCI audit. If you use a provider that is not certified, you will need to prove the physical security of your servers yourself.
The bigger companies now offer round-the-clock support all year round, which is essential for getting help in those tricky server moments.
This may not seem important until your servers go down late one evening - then you want to be able to get through to a representative right away.
I'd be interested to know - you can email hello@wemakewebsites.com to find out more.