ecommerce hosting query

BluePeter · 6th March 2008

I'm hoping someone can give me some advice. I've created an ecommerce site and want to find a reliable host. Are there any 'musts' that I need to bear in mind (like a dedicated server, virtual server?). Can it be a shared server with a decent hosting company? I'm not expecting thousands of visits a day.

There are so many hosts advertising out there, that there's no way I could choose and be confident, without paying the likes of Rackspace £200 or £300 per month (where I know they'll probably do a great job, but at a cost).

I need to make money out of the website without giving a big chunk back to the host each month, but I've got to weigh up what service I'm going to get for my money. Would I be dumb to go with a shared hosting service costing £20 per month?

Then, when I do find out what kind of host I need to search for, is there anywhere I can get reliable reviews of different hosts?

By the way, it's a php site using mySQL database.

Thanks in advance for any help
BluePeter

JamieBeeston · 6th March 2008

Whilst it isnt true that you always get what you pay for.... the opposite does ring true... you dont get what you dont pay for!

IF you're going to be turning over £x0k per year, then dont skimp on your hosting..

If you're going to be turning over £x00k per year, then you definitely should be looking at your own Dedicated server

If you're going to be turning over £x000k per year, then you definitely should be looking at your own Managed Infrastructure.

Only you know how much money, reputation and profit you'll lose by constantly going down with a poor host!

We host everything from < £10k a yr online stores to > £50m a yr online stores (plus all the associated banks / blue chips / plcs etc)

J

J

Cyberprog · 6th March 2008

As Jamie said, it all depends on what your turnover will be, which will in turn correspond to the ammount of resources you'll use and the service you'll need.
We tend to host from smaller e-shops (using shared services) to medium sized ones (using dedicated boxes), so can give a fair opinion on what's needed

othellotech · 7th March 2008

Pretty much what Jamie said

Quote:

Originally Posted by BluePeter

Are there any 'musts' that I need to bear in mind (like a dedicated server, virtual server?). Can it be a shared server with a decent hosting company? I'm not expecting thousands of visits a day.

The usual musts for e-commerce would be...
Fixed IP
Reputable SSL certificate (not one of the $4.99 "we checked they had a paypal account" things)
Provider with a phone-number
etc

My preference for anything critical is to have it own its own server (or if needs are modest in terms of processing/resource usage a VPS will do)

If you had a physical shop to take orders, process cards, sell items form etc, you'd spend 25% of your turnover on that, fit big locks for security, get a night guard to do regular checks, expect the electric to be available 100%, staffed by knowledgeable people etc - your hosting whilst (probably) costing less than that should be viewed in the same way.

Quote:

Originally Posted by BluePeter

By the way, it's a php site using mySQL database.

So a LAMP server or VPS or specialist e-commerce shared host - depending on your preference and budget.

TDMWeb · 7th March 2008

Quote:

Originally Posted by othellotech

Reputable SSL certificate (not one of the $4.99 "we checked they had a paypal account" things)

Any valid SSL certificate, however cheap or costly, will surely enable SSL encryption on the link beteen the browser and the server, which is what they are for. The sooner we lose this daft idea that SSL certs can somehow say "This is a good company to do business with" the better IMHO.

Karl · 7th March 2008

SSL is also about identity validation, when I look at a certificate and it say KDA Web Services Ltd. Is who it was issued to, I want to know they approved it and it is not some scam site using a cheap SSL with no checks in place.

TDMWeb · 7th March 2008

But my point is that this kind of extra check is technically worth nothing: it's only a way for SSL cert providers to get more money for what is essentially the same product. For any commercial SSL cert, as far as I know, the requester has to have access to the domain name in some way (eg an email address) in order to prove they are a valid owner/admin for the domain before the cert is issued. The extra stuff like VAT reg cert, company docs, etc, really don't add that much.

othellotech · 7th March 2008

Quote:

Originally Posted by TDMWeb

The extra stuff like VAT reg cert, company docs, etc, really don't add that much.

The "extra stuff" are the things end-users/shoppers *assume* have been done - when a cert says it's issued to the "Friendly Shop Ltd" thats what they expect, not simply that "Freindly Shop Ltd" was just a field on an orderform for a cert to "dodgycvnts.com" domain name.

aguk · 7th March 2008

There are different elements to different SSL certificates. An SSL certificate provides encryption between client and server. They all do this some at higher encryption levels than others.

However some CAs also provide the certs which allow for company name to be present which requires a few more checks by the CA. Then there are the EV certs which require the CA to verify the legitimasy of the company. These are all extras on top of the actual SSL cert function.

The same way that you provide differing levels of service levels for hosting. In essence it is just selling space on a disk drive and the sooner people recognise that the better

However I also agree that an SSL is not the defining factor in trusting a company with your e-commerce business. I have been in organisations that have an EV certificate on their store but when someone pays by credit card the details are emailed (yes emailed) to a lady who prints them off and taps them into a PDQ machine then files the print off in a filing cabinet in an open office! They really didn't think they were doing anything wrong or breaching any regulations.

Karl · 7th March 2008

Quote:

Originally Posted by TDMWeb

For any commercial SSL cert, as far as I know, the requester has to have access to the domain name in some way (eg an email address) in order to prove they are a valid owner/admin for the domain before the cert is issued. The extra stuff like VAT reg cert, company docs, etc, really don't add that much.

What a patently absurd thing to say.

Okay, I work for Joe Bloggs Company Services Ltd. I have an email address on joebloggscompanyservices.co.uk domain name - I am the tea boy there. So by having an email address, that gives me authority to have an SSL issued does it? The checks on business documents etc. are essential, as it makes it more difficult for someone without authority to pass themselves off as having authority to obtain an SSL certificate.

EV SSL do some quite deep checks, the ones we've done have had to have items signed by the company accountant and/or legal representative as well as a high level manager - that could be verified as being such.

TDMWeb · 7th March 2008

I'd agree with Andy's balance of view.

Karl, I'm afraid we'll have to agree to disagree on the overall practical value to ecommerce security of these extra checks

While you and I may understand what's involved in the various processes, the average punter has not got a clue and just looks for the padlock. Personally, I tend to look at a number of things to assure myself that the shop site is legit and safe.

fcolor · 12th April 2008

I think that you can prepare a list of requirements and to send it a few hosting providers. This way you will test their response time and will be able to fnd which is more friendly to its prospective customers. Ask about options you'd have and about software customization.