Saturday, April 10, 2021

HostGator review: Good performance, bad security web hosting

If you want to set up a simple website as a web brochure, HostGator should be fine. But if you want users to log in or buy something through your site, don't use this hosting provider's base plan.

If you are looking for a web hosting provider, you have an incredible number of choices. In my Best web hosting providers for 2021, I looked at 15 providers who offer a good range of plans.

To get a better feel for each individual provider, I set up the most basic account possible and performed a series of tests. In this article, we're going to dive into HostGator's offerings. Stay tuned for in-depth looks at other providers in future articles.


HostGator at a glance

  • Shared hosting starting at $2.75 per month.
  • Cloud hosting starting at $4.95 per month.
  • WordPress hosting starting at $5.95 per month.
  • Reseller hosting starting at $19.95 per month.
  • VPS hosting starting at $19.95 per month.
  • Dedicated servers starting at $89.98 per month.

HostGator was founded in 2002 by a student at Florida Atlantic University (hence the "gator" in HostGator). Today, HostGator is one of nearly 100 web hosting brands owned by Endurance International Group (EIG).

EIG was in the news in 2018 when the Times of India reported that its former CEO and CFO were charged by the US Securities and Exchange Commission for "overstating the company's subscriber base." The company agreed to pay an $8 million penalty without admitting fault.

UPDATE: HostGator reached out to us requesting changes to the Quick Security Checks section of this article. Their comments and our responses are included inline in that section.


How pricing really works


Because there's such variability among plans and offerings among hosting providers, it's hard to get a good comparison. I've found that one of the best ways to see how a provider performs is to look at the least expensive plan they offer. You'd expect the least quality, the least attention to detail, and the least performance from such a plan.

If the vendor provides good service for the bottom-shelf plans, you can generally assume the higher plans will also enjoy similar quality. In the case of HostGator, there were some bright spots, some annoyances, and some serious security concerns.

For the series of hosting reviews I'm doing now, I'm testing the most basic, most entry-level plan a vendor is offering. In the case of HostGator, that's what they call their Hatchling plan. To get pricing, I simply visited the company's main site at HostGator.com. If you want to save money, though, read to the end of this section.

Like nearly every hosting provider in the business, their offering is somewhat misleading. There is no option to just get billed $2.75 per month. Notice the all-powerful asterisk next to the price.

While it looks like you can get the Hatchling plan for $2.75 per month, that's only if you prepay for three full years, which means you're actually paying $105.35. If you want just one year, you're charging $76.11 to your card (which is $5.95 per month). If you want to buy the service on a month-by-month basis, you're paying $10.95 per month.

When you hit the Buy Now button, the company pre-populates a one-year subscription with optional add-ons for site monitoring and backup, adding $43.94 to the bill (but you can uncheck these options).

There's a painful gotcha to those "starting at" prices. When you renew, you're going to pay more. This, too, isn't uncommon for hosting plans and is a practice I strongly wish the hosting industry would stop. Instead of paying $105.35 for three years, upon renewal, you'll be paying a whopping $250.20 in one credit card charge, an increase that's more than double the original price.


WHAT THE BASE PLAN INCLUDES

As with most hosting vendors these days, HostGator claims unlimited disk space, unlimited bandwidth, and unlimited email. In practice, these unlimited values are limited in the terms of service. You can't use your unlimited storage as a giant backup tank where you dump gigabytes of video, for example. They also state, "HostGator expressly reserves the right to review every shared account for excessive usage of CPU, disk space and other resources that may be caused by a violation of this Agreement or the Acceptable Use Policy."

In other words, don't abuse the resources you're buying, and buy the level of plan reasonably commensurate with your expected usage. If you're about to run a big, national promotion where you expect a lot of traffic, you might not want to use the Hatchling plan. If you get too much traffic, HostGator might shut you down or bill you a lot more.

Their terms of service continue, "HostGator may, in our sole discretion, terminate access to the Services, apply additional fees, or remove or delete User Content for those accounts that are found to be in violation of HostGator's terms and conditions."

The base-level plan has some compelling features. First, and this is important as we move forward in a push for a safer web, is the availability of free SSL for your site. This adds that little lock icon to your browser's address bar and makes sure traffic between your site and your visitors is encrypted.

The company also offers 24/7/365 support, which includes not only ticket and chat but phone support as well. While you're only able to use one domain, you can use as many subdomains as you like. The company also provides a coupon for $100 in Google ads and another $100 in Bing ads. While you almost certainly won't get enough ad hits to cover your cost of hosting, it will help you get your feet wet in the world of Google and Bing advertising.


DASHBOARD ACCESS

The first thing I like to do when looking at a new hosting provider is explore their dashboard. Is it an old friend, like cPanel? Is it some kind of cobbled-together home-grown mess? Or is it a carefully crafted custom dashboard? These are often the ones that worry me the most because they nearly always hide restrictions that I'm going to need to work around somehow.

When you first log into HostGator's dashboard, you're greeted with their customer portal. Here you can manage your credit card information, get support, and -- most important, apparently -- buy the upsell options they offer.

This is not the only dashboard you'll be using. The main dashboard is cPanel, which is common to many, many sites across the web. While cPanel can be frustrating at times, it's a very capable interface that lets you manage all aspects of your site.

It took a surprisingly long time for cPanel to launch, almost a full minute. What's a bit more bothersome, though, is the range of additional upsells in the middle of cPanel. cPanel is usually pretty predictable, and seeing almost as many ads and upsells as management options was tedious.



INSTALLING WORDPRESS

There are certainly other content management and blogging applications you can use besides WordPress. That said, since 32 percent of the whole web uses WordPress, it's a good place to start. WordPress sites can be moved from hosting provider to hosting provider, so there is no lock-in. And by testing a site built with WordPress, we can get some consistency in our testing between hosting providers.

I went ahead and clicked the Build a New WordPress Site button on the main cPanel page… and got hit with another page of upselling promotions:




At $399, prices were really starting to climb from that tasty little $2.75 offer the company promoted. The promos on this setup page didn't say what theme they'd be installing. WordPress does come with a nice set of free themes, and most themes are relatively inexpensive. I tried to work out what the $399 program was for, but as far as I can tell, it's simply setting up WordPress, which is typically about a five-minute process.


The difference between the $199 and $399 program was the addition of SEO and WordPress site security. To be fair, most WordPress security plugins and add-ons cost a few hundred bucks a year, and there are premium SEO plugins that cost a similar amount. But without going all the way through the checkout, it wasn't clear what tools HostGator was providing in return for its almost $400 of upsell.

My advice is to skip these upsells. Simply install WordPress, get to know your site, then start with a tool like Wordfence or Sucuri to keep your site protected.

Once I entered my user name and domain, I was… wait for it… presented with another upsell:


I went ahead and hit the login button, and… it failed:


I took a quick look at the File Manager and determined that the WordPress install seemed to be in place. So, instead of using HostGator's login button, I just used the standard WordPress admin URL, which is domain.com/wp-admin. This worked.

I was, however, not surprised to find more upsells. In this case, the entire main dashboard page -- going well below the scroll of the page -- had upsells.


There seems to be a big push for using several plugins that are either freemium or affiliate-based. Jetpack is produced by Automattic, the company behind WordPress. It also has an affiliate program.




My guess is that HostGator is pre-installing plugins where they get some affiliate revenue. There's nothing particularly wrong with that, but plastering these upsells in the middle of configuration screens is getting old.

HostGator also dropped in a plugin for something called Mojo Marketplace. This, too, had pages and pages of upsells, this time for themes.




With all the added plugins, junk, and upsells, it's no wonder that the site initially failed when I hit the site login button from the HostGator dashboard.

Let me be clear. There's nothing wrong with using many plugins on a WordPress site. That's one of WordPress's biggest strengths. But filling a site with crapware before it's even live is nothing but a distraction, can add a substantial amount of confusion for new users, and may cause potential problems in terms of functionality. Plus, it's just rude.

QUICK SECURITY CHECKS

Security is one of the biggest issues when it comes to operating a website. You want to make sure your site is safe from hackers, doesn't get flagged by Google, and can connect securely to payment engines if you're running an e-commerce site of any kind. You also don't want to distribute malware to your visitors. That's bad.

While the scope of this article doesn't allow for exhaustive security testing, there are a few quick checks that can help indicate whether HostGator's most inexpensive platform is starting with a secure foundation. Here's the tl;dr: it isn't. This thing is dangerously insecure.

The first of those quick checks is multifactor authentication. It's way too easy for hackers to just bang away at a website's login screen and brute-force a password. One of my sites has been pounded on for weeks by some hacker or another, but because I have some relatively strong protections in place, the bad actor hasn't been able to get in.

Unfortunately, I have to ding HostGator for what I consider a fairly serious security flaw. When you log into their customer portal, all you need to provide is a username and password. However, if you want to ask support questions and get answers, you do need to set up a support PIN. This is a partial step forward. The problem is that if you can log into the main management account, you can change the email address associated with it, then have a new support PIN sent out. The bottom line is that without a second factor for login authentication, the PIN is essentially worthless.

Secondly, according to the support person I reached out to on chat, HostGator's cPanel implementation also doesn't support multi-factor authentication, at least in the lower-end accounts.

Multi-factor authentication should never be an upsell option or provided only for premium accounts. It takes very little effort for a hosting provider to enable it. Not only does it protect the individual customers using the feature, but it also protects all the customers of the hosting provider. That's because most shared hosting servers share IP addresses. If a spammer or scammer hijacks a shared hosting account and that account is blocked, it's entirely possible that all of the accounts sharing that IP, or that IP's larger block of numbers, will be blocked as well.

I strongly recommend that HostGator implement MFA for all accounts immediately, for their benefit as well as that of their customers.

I mentioned earlier that HostGator provides a free SSL certificate. They're using Let's Encrypt, a program that provides free, automated SSL certificates. Let's Encrypt is enabled by default, so once you set up a website, all you need to do is use https:// in your URL to provide encrypted URLs for your visitors.

As my last quick security check, I like to look at the versions of some of the main system components that run web applications. To make things easy, I chose four components necessary for safe WordPress operation. While other apps may use other components, I've found that if components are up to date for one set of needs, they're usually up to date across the board.

Here are my findings, derived from the HostGator versions page and a pleasant tech support conversation, as of the day I tested [in July 2019], for HostGator's Hatchling plan:


The cURL library, which is meant for data transfer, particularly of secure information, is vastly and woefully out of date. A quick look at the cURL release table shows there have been thousands of bugs fixed and many vulnerabilities resolved since the version of cURL being provided by HostGator was released back in 2009. That's a full decade old. That would be like walking around today with an iPhone 3GS and running Windows Vista on your PC!

UPDATE: HostGator told us, "cURL does list an older raw version, but RedHat/CentOS backport security patches and we update all servers at least daily. This is standard for RedHat/CentOS and expected behavior." This is actually a very interesting process. Red Hat does go back to older versions of standard Linux software and port security fixes, as HostGator stated. However, even with security fixes applied, offering an almost 10-year-old version of cURL will present website owners with ongoing compatibility challenges, particularly with payment gateways.

The company supports OpenSSL 1.0.1e-fips 11, where the absolute most current version is 1.1.1. The gotcha is that when OpenSSL went to 1.1, it broke a lot of code. As a result, the OpenSSL project is updating both the 1.0.2 branch and the 1.1 branches. I know, it's enough to give you a headache. Here, despite all the version number confusion, there's one fact you need to know: the version of OpenSSL HostGator is supplying is also vastly out of date.

UPDATE: HostGator told us, "OpenSSL also lists an older raw version, but again RedHat backports security patches and we ensure daily updates." This is the same backporting process Red Hat uses for cURL. It means that while security flaws are fixed, the version and its compatibility are still nearly a decade old.
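
Because of the backporting described above for cURL and OpenSSL, the upstream version string alone does not show which fixes a host carries; the package changelog does. The script below is an added example, not from the original article or from HostGator, and assumes shell access to an RPM-based host (RHEL/CentOS); the sample changelog, its maintainer, release numbers and CVE identifiers are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: list the security fixes a vendor has backported into a
# package whose upstream version number never changes.
# On a real RPM-based host, feed it live data instead of the sample:
#   rpm -q --changelog curl | fixes_by_release

# Constructed sample of `rpm -q --changelog <package>` output.
# Maintainer, dates, releases and CVE IDs are placeholders, not real data.
sample_changelog() {
cat <<'EOF'
* Tue Mar 05 2019 Example Maintainer <maint@example.invalid> - 1.0.1e-99
- fix CVE-0000-11111 - constructed entry
- fix CVE-0000-22222 - constructed entry
* Mon Jan 14 2019 Example Maintainer <maint@example.invalid> - 1.0.1e-98
- fix CVE-0000-11111 follow-up - constructed entry
- rebuild without functional changes
EOF
}

# Split an RPM "version-release" string. The upstream version stays fixed
# while the release counter increases with each backported fix.
upstream_version() { printf '%s\n' "${1%-*}"; }
package_release()  { printf '%s\n' "${1##*-}"; }

# Unique CVE identifiers mentioned anywhere in a changelog read from stdin.
backported_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Date of the newest changelog entry (the first "* ..." header line).
latest_entry_date() {
    awk '/^\* / { print $2, $3, $4, $5; exit }'
}

# "release CVE" pairs: which package release introduced which fix.
fixes_by_release() {
    awk '/^\* / { rel = $NF; next }
         { while (match($0, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
               print rel, substr($0, RSTART, RLENGTH)
               $0 = substr($0, RSTART + RLENGTH) } }' | sort -u
}

# Demo on the constructed sample.
sample_changelog | fixes_by_release
```

A changelog shows which security fixes were applied, but it says nothing about the compatibility problems the article raises: the library still exposes the feature set of its old upstream version.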

HostGator is using version 5.6 of MySQL. While MySQL supports many versions, the newest is 8.0. HostGator's MySQL implementation is eight years old.

UPDATE: HostGator told us, "All HG boxes have MySQL 5.6 or higher. The article reports 5.5, which hasn't been in place for a long time." While this was the version shown on HostGator's own versions page when the article was written, we're glad to see MySQL has been updated.

What's worse, each of the versions of those packages is below WordPress's minimum requirements. 

Because MFA isn't available and because many of these versions (even with backported security updates) will cause modern software to fail, we consider HostGator a less than optimal choice for e-commerce or any security-related site.

PERFORMANCE TESTING

Next, I wanted to see how the site performed using some online performance testing tools. It's important not to take these tests too seriously. We're purposely looking at the most low-end offerings of hosting vendors, so the sites they produce are expected to be relatively slow.

That said, it's nice to have an idea of what to expect, and that's what we're doing here. The way I test is to use the fresh install of WordPress and then test the "Hello, world" page, which is mostly text, with just an image header. That way, we're able to focus on the responsiveness of a basic page without being too concerned about media overhead.

One note: normally I would not test a site with all the crapware plugins installed. But since most users who buy these plans probably won't know how to remove the plugins or which plugins are safe to remove, I tested performance with those plugins installed. I fully expected performance numbers to take a hit from all that added cruft, but I was wrong. The performance wasn't bad at all.

First, I ran two Pingdom Tools tests, one hitting the site from San Francisco and the second from Germany. Here's the San Francisco test rating:


And here's the same site from Germany:


Next, I ran a similar test using the Bitcatcha service:


Finally, I hit the site with Load Impact, which sends 25 virtual users over the course of three minutes to the site and then measures the responsiveness.

The Load Impact test was also somewhat unexpected. At the start of the test, some page load times took longer than they should. But as the number of virtual users climbed, responsiveness settled into a nice rhythm.

While lower-end hosting plans often have spotty performance, this was a good showing. Most lower-end plans, including the one we're testing, share server resources with other customers. So, at times of heavy activity, if one site is seeing heavy usage, the other sites may suffer. I'm testing this site on a Sunday afternoon, which is a relatively slow period in web hosting terms, but even so, the performance for this bottom-end site was unexpectedly reasonable.

Support responsiveness

I only needed to contact support once, through the chat interface. I was connected to someone within about five minutes. It took a few more minutes to set up a support PIN, but then I got my answer quickly.

For a Sunday afternoon, it was a complete, reasonably knowledgeable answer. I've certainly experienced far worse support.

Overall conclusion

You never want to get your expectations too high for a bottom-end plan. The economics of running such a super-cheap offering are that the provider has to make it up on volume. Professional and enterprise hosting plans with lots of traffic and performance must, out of necessity, cost more.

The only way to truly know what it's like to use a service is to run a live website on it for a few years. That said, I was both pleased and disappointed with HostGator's showing.

I found my interactions with HostGator's customer portal and cPanel to be sluggish. It often took 30 seconds to a minute for a click to process through to a result.

On the other hand, the performance of the site being hosted by HostGator, the site you're paying for and want to be highly performant, was quite good.

HostGator's relatively constant upsell, especially in the configuration and operational aspects of the control panel, proved intrusive. The company installed way too many plugins in the default WordPress install, which not only caused the initial login to fail but might make it much more confusing for brand-new users.

Finally, the company's lack of support for modern security protocols and login security is deeply disturbing. They're letting many thousands of customers launch websites with woefully out-of-date security software. Given that the security libraries are free and open source, there's just no supportable reason for HostGator to be lax on this most important aspect of web security.

The company offers a 45-day money-back guarantee, which is reasonable.

The bottom line is this: if you want to set up a simple website as a web brochure, HostGator should be fine. But if you want users to log in to or buy something through your site, don't use this plan.
