What is web hosting in a nutshell?
Just to make sure we’re on the same wavelength on the subject, a clarification is in order.
When we talk about web hosting, we’re talking about the physical medium that will host the data needed to run your website (the various files, the database, etc.), and will also be connected to this incredible network called the Internet.
The computers that make this kind of thing possible are called servers, and when we talk about web hosting we’re talking about a service that allows you to use all or part of a server to put your website online.
Web hosting is not an option if you want your content to be available online.
Why consider outsourcing your website hosting?
Quite simply because it’s a highly complex task that requires advanced technical skills, as well as having the necessary hardware infrastructure, which involves significant costs.
Unless you are a company with a large budget that can afford to host your own data on site, it makes more sense to use a third-party service provider specialising in web hosting.
It’s important to distinguish between two things:
- the service of providing the server, or part of a server (depending on whether you choose dedicated, VPS or shared hosting), i.e. renting the hardware (or its equivalent). We are talking here about companies that own the physical servers and will rent them out for a fee.
- the day-to-day management of said hosting, which is the responsibility of the system administrator.
Why does it seem important to keep hold of it?
Keeping control of your online data
Easy access to the data you publish online means you can easily modify or delete it without having to account for it.
It’s also a way of checking what’s online.
To be able to respond to requests for access to or deletion of data in accordance with the GDPR
If you have an audience in Europe, you must comply with the GDPR (General Data Protection Regulation). One of the most important rights available to users is the right to erasure. Upon simple request, you are legally obliged to delete any data concerning the user from your server.
You will be particularly concerned⋅e if your site offers online services such as ecommerce, for which member accounts are generally offered.
Manage your website more quickly
Avoiding intermediaries also means saving time when it comes to processing a request.
If you have direct access to your hosting, you can theoretically process your requests yourself and therefore respond more quickly.
Why I don’t give my customers full access
After what you’ve just read, you must think I’m completely behind the idea that everyone⋅e should have full access to their web hosting.
Well, no.
However, the arguments above are very valid, and I’m a firm believer in the importance of controlling your data and that of your users.
But there are other points to consider, which are important, especially in the case of a professional website where you can’t afford to make mistakes.
Ensure server security
As you probably know, most Internet traffic is made up of bots, which spend their time browsing sites, sometimes with bad intentions.
To avoid opening the doors of your website to hackers, security measures must be put in place.
These measures are implemented on the server, not in the CMS (WordPress for example).
In short, unless you are already trained⋅e in the subject, you will probably prefer to entrust the securing, monitoring and continuous improvement of your site’s security to a professional.
99.9% of the time, the people who use a web agency are not IT security experts themselves, which is quite logical. Giving them full access to the server on which their data is stored is at best giving them access that they will never use – because they don’t really know what to do with it or are afraid of breaking something, and at worst creating security holes for two reasons:
- most people are not trained in computer security, and risk storing their passwords in clear text somewhere, or in a safe that will be easily accessible if their device is stolen. Providing a customer who doesn’t need it with the access code to their website server means running the risk of it leaking out and falling into the wrong hands.
- In trying to do the right thing, a customer may compromise the security of their site after watching a dubious tutorial on YouTube, or hearing advice left and right. If you’re not sure what you’re doing, it’s best not to do it, especially if it’s a professional website in production (your personal blog is a different story).
Keeping the server up to date and running
“Oh look, we can change the PHP version of the server, let’s go”.
This might be what a customer would say to himself when walking around the server of his e-commerce site. The problem is that playing blindly with the server settings of a site in production means running the risk of breaking your site without even realising it.
A server needs to be updated and properly configured for your site to work, with settings that may vary from one site to another.
Once again, getting your hands into this without prior knowledge means running the risk of creating loopholes or simply breaking certain functions.
Updating your server is part of maintaining your website, so if you have someone to take care of it, you don’t have to worry about it.
For 99% of a customer’s real needs, access to the server is not required
I think the previous two points are quite clear and will not be debated.
But you’re probably thinking that it’s a high price to pay for security and smooth operation in exchange for access to your data.
And you’d be right.
Customers need to be able to control what is on their website, for all the reasons mentioned above.
And that’s why CMS (Content Management System) were invented.
Using a graphical interface, you can manage what’s on your website.
You don’t need to access the server to do this, just log on to the site, as you do every day on a whole host of websites.
In the case of WordPress, an Editor account allows customers to do everything they need on a day-to-day basis:
- produce, modify or delete content on its site
- respond to requests for access to or deletion of customer data
- manage your ecommerce business (with the role of Ecommerce Manager)
- etc
You don’t need an Administrator account in WordPress either, as this role is too powerful and poses the same security and operational risks for the website as full access to the server.
For specific requests, it is also possible to modify, add or delete the rights and access granted to a WordPress account.
For example, you can obtain access to the regular back-ups of your website so that you can download them onto your computer, if you wish to have a copy for yourself.
What happens if my service provider is hit by a bus?
The title may make you smile (except for the provider, in this case me), but it’s really justified.
If you don’t have an Admin account or access to your website server, what do you do the day your web agency disappears (under a very large bus)?
Let’s set aside the legal considerations, which can take time to resolve in the event of a dispute.
If you need to regain control of your website quickly in order to migrate it elsewhere or change service provider, how do you go about it?
Make the right choice of accommodation beforehand
First of all, make sure that when you entrust the management of your website to a service provider that the service does not make you dependent on them.
Unfortunately, it’s pretty standard. You entrust your website to someone who makes you a tempting offer, and the day you want to leave, you discover that you no longer really own your site or your data.
Make sure that this is not the case, and ask the question “If I decide to stop entrusting you with the management of my site, what happens?
For my part, I make it a point of honour not to lock my customers in and give them the freedom to leave by recovering the full copy of their website so that they can easily move elsewhere if they decide to do so one day. My customers also retain ownership of their domain name, which I don’t have access to (although I do have access to the DNS, of course).
Avoiding SPOF
SPOF (Single Point Of Failure) refers to a particular element that can lead to the complete failure of a system if it fails.
When you go through a web service provider who works alone, such as a freelancer, this is a risk to be considered.
Being in this situation myself, I’ve already given the subject some thought.
My solution in the event of inability to meet requests
I’d probably have other things to worry about if a bus ran over me, which is why I’ve set up a solution to enable my clients to quickly and easily regain full control over their website in the event of a complete breakdown on my part.
In practical terms, the server that hosts my customers’ sites is managed by an external system administrator, whose job it is to deal with the security and performance aspects.
In addition to this, a trusted third party can access my customers’ website servers in this type of situation, in order to send them a complete copy of their website, if requested.
So I avoid the SPOF by not being the only one with access to my customers’ data.
For more demanding requests, it is also possible to allow the customer to regain all their access directly on request by email, with a configurable timeframe.
In practical terms, I can set this up using the Vaultwarden secure safe (to which I offer lifetime Premium access to all my customers). An email request from a customer who does not receive a refusal after a pre-selected period will open access to the safe.
Handy if my system administrator, my trusted contact and I get run over by a bus at the same time, or your web agency gets blown up by an asteroid that escaped NASA’s notice.
When it makes sense to keep access to your accommodation
To conclude this post, I’d like to qualify my comments a little.
Many service providers provide their customers with access to the web server, as well as Administrator level accounts.
I’ve already given my point of view on this, and the reasons why I haven’t done it for years, with very good customer feedback.
But there are situations where it makes sense to manage your web hosting yourself.
- for an unprofessional site: if it’s not the end of the world if your site breaks down or encounters technical problems, you can afford to take the risk of managing it completely yourself
- if you want to get your hands dirty: for a personal website or a small business, if you want to be more independent and have the time to devote to this, then managing your own web hosting can be a great learning experience.
- if you lack budget: this is more a lack of capacity than a real choice, but obviously, if you can’t entrust the management of your site to a third party, then you’ll have to do it yourself
What these three situations have in common is that they are non-professional web projects.
I’m the first to encourage the general public to take an interest in self-hosting and data management solutions. But in the case of a professional activity, from the moment it is up and running, I believe it is important to keep a budget to entrust the web part to a third party whose job it is.
Because believe me, in the event of a problem, hacking or data leakage, you’ll feel really stupid for having wanted to save a few euros and play IT expert⋅e.
