There are three basic categories of web hosting you can choose from:
Shared hosting providers are companies that sell web hosting on servers that host other customers' websites and often provide you with control panel software, such as cPanel. When using a shared hosting provider, you will need to install and configure your website yourself, but the shared hosting provider will run the web servers for you. These include companies like Dreamhost and Bluehost.
Self-hosted servers are servers you run for yourself. This category includes Virtual Private Servers (VPS) and physical servers that are in data centers. Self-hosted servers are often the best solution for organizations with very specific website needs, however they also require systems administrators and web developers. Protecting self-hosted servers from DDOS attacks is a subject that falls outside of the scope of this guide, but there are some DDoS-protection services that can be helpful for those who self-host their site.
A handful of companies offer DDoS protection services at an additional cost. There are also companies and non-profit organizations that offer DDoS protection at little or no cost to certain defined groups.
Each category of web hosting has advantages and drawbacks. The following section will help you assess which type of web host is best for you.
- It’s easy because no in-house technological expertise is needed.
- It's free!
- Large companies that provide hosted services generally have stable and secure servers that are capable of absorbing DDoS attacks.
- Updates, security, and DDoS defense are the platform provider's responsibility (although you still need to protect your site by having a strong password).
- Hosted services often have content policies which may not work for your website.
- You have little control over which themes and plugins you can use.
- If your website requires more complicated types of content than blog posts and pages, hosted services might not work for you.
Required level of technical expertise for set up: Low. If you can use Facebook, you can use a hosted service.
How to handle DDOS: You have no control over any of it, but your service provider should help. These large web hosts are unlikely to inform users of a DDoS attack, but their infrastructure leaves them well-equipped to withstand most such attacks.
- After installing your content management system (CMS), you can install any themes or plugins you want, including automatic backup and security plugins, or custom plugins just for your site.
- The shared hosting provider is responsible for server updates.
- It costs money (~$10/month).
- You are responsible for keeping your CMS and plugins up-to-date yourself. Out-of-date plugins can result in your site getting hacked.
- Because you are sharing a server with other websites, their security problems could potentially compromise your website.
- Some shared hosting providers will disable your account if you experience a DDoS attack.
Required level of technical expertise for set up: Medium. You will need to know how to navigate your host's control panel, use FTP/SFTP/SSH software, and install and configure a CMS.
How to handle DDOS:
- Make sure your CMS uses caching, which can help handle large amounts of traffic. If you are using Wordpress, EFF recommends the WP Super Cache plugin. Drupal has caching built-in.
- A Content Delivery Network (CDN) or caching service can provide a layer in front of your site to absorb the attack. CDNs are available to work with most hosting scenarios.
- If you're getting DDoSed, talk to your hosting provider about how to keep your website up.
- You can set up your website exactly the way you want it.
- If you have the technical expertise, you can use a dedicated caching proxy like Varnish or Squid.
- You can also use a DDoS protection service to protect your site against DDoS attacks.
- If have the technical expertise, you can set up a load balancer that distributes your web traffic across several web servers. This is how big websites like Facebook, Google, and Amazon manage to stay up even when they're flooded with massive amounts of traffic.
- Professional systems administrators and developers are required to maintain self-hosted servers.
- This option is more expensive than shared hosting.
Required level of technical expertise for set up: High. You will need a professional system admin and someone who knows how to install and configure a CMS.