# Looking for web hosting help



## apicius9 (Jul 28, 2016)

Hi everyone,

a while ago my website had been hacked and is infected with malware. I had not paid much attention to it and wanted to get to it whenever I have time, but now I also cannot access several emails that run through this hosting service (hostmonster.com). They want $250 per domain for cleaning it up plus over $100/year for basic malware protection. I thought that was what I paid them monthly fees for, and I feel exploited, especially because I had paid that before when it got hacked a couple of years ago. - Or is that standard procedure? In any case, I need to decide whether I pay, get 30 days of protection, and then deal with this crap again or whether I find a place where I can build up my site again. Any thoughts? Any recommendations for hosting services that provide decent and affordable protection against hacking/malware? I also need some tips on how I can transfer my domains etc to a new host. 

Thanks,

Stefan


----------



## Matus (Jul 28, 2016)

That sounds like a BS. What kind of web hosting do you need?


----------



## gic (Jul 28, 2016)

IT is BS. What do you need?


----------



## apicius9 (Jul 28, 2016)

I really only need 1) the handle website, i.e. transfer the japanesehandles.com domain and build it up again with Wordpress, adding a couple of email addresses to it. The most complicated part of that would be the option for a simple shop system, but I made it so far without one, I could drop that if it complicates things. 2) transfer my private domain skelleronline.com - I never got to setting anything up there, so it would be at most another Wordpress site if I ever get to it. I do, however, use this domain name for several email accounts which I hope to keep under the same addresses. If that doesn't work, I can start over again... Other than that, just protection against hacking for a reasonable price. 

Stefan


----------



## gic (Jul 28, 2016)

Use Namecheap or GODAddy hosting, they support wordpress and most e-commerce solutions


----------



## spoiledbroth (Jul 29, 2016)

you should definitely switch to a hosting provider who doesn't try to screw you like that... They should be cleaning up their own servers for the sake of preserving the integrity of their own datacentre... 


chances are your website was compromised by something you uploaded, for instance popular software like WordPress is full of security vulnerabilities (which are patched regularly, however if you do not update your software on a regular basis or have the know-how, you are bound to run into this again).


----------



## apicius9 (Jul 29, 2016)

spoiledbroth said:


> you should definitely switch to a hosting provider who doesn't try to screw you like that... They should be cleaning up their own servers for the sake of preserving the integrity of their own datacentre...
> 
> 
> chances are your website was compromised by something you uploaded, for instance popular software like WordPress is full of security vulnerabilities (which are patched regularly, however if you do not update your software on a regular basis or have the know-how, you are bound to run into this again).



From what I understood, someone hacked in there through Wordpress and turned my handle site into a store for cheap Chinese junk... I have looked at a number of hosting sites, so far a2hosting is my favorite from the whole package, reviews, and security feaures. I will make a decision this weekend, thanks for all your comments,

Stefan


----------



## oldcookie (Jul 29, 2016)

How much are you paying now?

You can check out SquareSpace, Shopify, etc. In general, I recommend going with this type of services, especially if you are not writing custom WP stuff yourself. They provide better customer service, and handle all to software updates, security, etc.

For email hosting, you can just use zoho.com, I host my wife's business email on there for free. You can also set it up such that if forwards to your Gmail account.

Anyway, feel free to PM me if you need some help.


----------



## LifeByA1000Cuts (Jul 29, 2016)

What is included or not included in your fees is extremely dependent on the exact provider and hosting model chosen. Are they billing your for these $250 or are they offering a cleanup service for $250? In the first case, transferring the domain could prove difficult if you refuse to pay.I would always recommend to buy your domain from a different reseller (who should also offer to host your DNS records) so you cannot be extorted for the transfer code. 

Before making any off-the-mark recommendations: Are you capable of managing a root server (and willing to), or are you looking into a fully-managed solution?


----------



## dotnetwin (Aug 8, 2016)

You can consider asphostportal as your another option. I have hosted my wordpress sites with them for 4 years. I move to them without any charge (FREE). They have good malware and hack protection. Their support is also good and fast. Never disappoint me.


----------



## Ruso (Aug 8, 2016)

If your website is hacked due to your error or an issue with your backend. Hosting company has nothing to do with it. Keep your things patched and preferably do not use pre-made frameworks like wordpress etc. If you want somebody to patch things for you, you will have to pay for the service.


----------



## LifeByA1000Cuts (Aug 8, 2016)

@Ruso that was more or less exactly my question to him (just tried to be forward looking) - if I got a managed wordpress contract, I'd expect it to be their monkey, if I get a root server or put wordpress on a standard LAMP-enabled managed webhost, it would be mine (it would get awkward if a php/php dependency bug, a local privilege escalation in the OS, or something similar caused or aggravated the vulnerability or its impact).

BTW, was there no user-accessible backup included in the original hosting contract? - normally, you should be able to restore the site from a backup before the hack, then quickly patch it (unless the hacker made use of a local privilege escalation and made the whole server untrustworthy). If patching is complicated, protect it with a .htaccess rule until everything is in order.

EDIT: "local privilege escalation" = damaging your countertop because a weakness in your cutting board caused it to unexpectedly split in half.


----------



## apicius9 (Aug 9, 2016)

Thanks everyone for your input! Brief update: I probably had not kept up with updating the Wordpress site as diligently as I should have, but I also expected a better protection from the hosting company. I looked around and finally decided to go with siteground.com From everything I read, they have good protection and I can let them manage updates etc. They also keep automatic backups which my old provider did not`, and they offer the few plugins I was thinking about (basically just a gallery and a simple shop) plus email hosting. I am happy to work myself into this to some extent, but I don't want to become a web developer, so something with a decent template from a decent service sounds like what I need. We'll see... 

Stefan


----------



## LifeByA1000Cuts (Aug 9, 2016)

Their managed plan sounds good: "Our security experts constantly monitor for WordPress related vulnerabilities and proactively protect our users with custom WAF rules when needed. We also update your WordPress and its plugins automatically, and make daily backups of your hosting account." This is what you want.


----------

