Finding a new hosting company for your site is challenging. I mostly use DigitalOcean, so I have to take care of my own security. But when third parties ask me for a good host for, e.g., their PHP/Drupal/WordPress site, I choke. I have to compare pricing, packages and performance, and once I have untangled all that, I have to check whether they are secure. (I don’t want their database out on the street or their website defaced.)
On my last hunt for a decent hosting provider, I got fed up. There are so many providers, and when you check their software, you sometimes see that their front page runs outdated PHP, as in 5.3 old: EOL for 11 months. That really bothers me. How can I rely on their security when their front page isn’t even up to date?
To warn future customers, I compiled a shame list of all hosting providers running 2 or more outdated software packages. Outdated, in this case, means being on an unsupported branch. I didn’t count software that is on a supported branch but is not the newest release.
Edit: To clarify, when I say outdated PHP 5.3, I only mean the standalone PHP version. When an Ubuntu version was detected, it was correctly marked as maintained.
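The counting rule described above (an unsupported branch counts, a supported branch that is merely behind does not, and a distro-packaged build is treated as maintained), written out as an added example; it is not the scanner used for this post. The `SUPPORTED` table, the distro markers and the sample header values are constructed assumptions; only the PHP 5.3 case comes from the text.

```python
import re

# ASSUMPTION: constructed snapshot of supported branches and the newest release
# on each; replace with current vendor data before using this for real checks.
SUPPORTED = {
    "php":    {"5.4": "5.4.43", "5.5": "5.5.27", "5.6": "5.6.11"},
    "apache": {"2.2": "2.2.31", "2.4": "2.4.16"},
}
# ASSUMPTION: substrings that mark a distro-patched package in a banner.
DISTRO_MARKERS = ("ubuntu", "deb")

# product/major.minor.patch, plus any version suffix and "(Distro)" comment
TOKEN = re.compile(r"\b([A-Za-z]+)/(\d+)\.(\d+)\.(\d+)(\S*(?:\s\([^)]*\))?)")

def classify(banner):
    """Return (product, version, status) for each known product in a banner."""
    findings = []
    for name, major, minor, patch, suffix in TOKEN.findall(banner):
        product = name.lower()
        if product not in SUPPORTED:
            continue  # nothing known about this product's branches
        branch = f"{major}.{minor}"
        if any(marker in suffix.lower() for marker in DISTRO_MARKERS):
            # Distro packages get security backports without a version bump.
            status = "distro-maintained"
        elif branch not in SUPPORTED[product]:
            status = "unsupported-branch"
        elif int(patch) < int(SUPPORTED[product][branch].split(".")[2]):
            status = "supported-not-newest"
        else:
            status = "current"
        findings.append((product, f"{branch}.{patch}", status))
    return findings

def issue_count(headers):
    """Count only unsupported branches, as the list in this post does."""
    return sum(1 for value in headers.values()
               for _, _, status in classify(value)
               if status == "unsupported-branch")

# Constructed response headers for illustration.
SAMPLE = {"Server": "Apache/2.2.15 (CentOS)", "X-Powered-By": "PHP/5.3.29"}

if __name__ == "__main__":
    for header, value in SAMPLE.items():
        print(header, classify(value))
    print("issues:", issue_count(SAMPLE))
```
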
The infamy list
| Name | # Issues | Extra information |
|---|---|---|
| CoolHandle | 4 | Outdated WordPress and PHP version. Vulnerable to FREAK and Logjam attacks. |
| Got Web Host | 3 | Unsupported WordPress version. Vulnerable to Logjam and FREAK attacks. |
| Verio | 3 | Outdated Apache version. Vulnerable to Logjam and FREAK attacks. |
| Webhosting Buzz | 2 | Outdated PHP and WordPress version. |
| Crucial Paradigm | 2 | Outdated Apache version. Vulnerable to the Logjam attack. |
| City Network | 2 | Outdated Nginx version. Vulnerable to the Logjam attack. |
| FutureQuest | 2 | Outdated Nginx and PHP version. |
| InMotion Hosting | 2 | Outdated PHP version. Vulnerable to the Logjam attack. |
| Lunarpages | 2 | Outdated PHP version. Vulnerable to the Logjam attack. |
| Mister | 2 | Outdated PHP and OpenSSH version. |
| UK2 | 2 | Outdated PHP version. Vulnerable to the Logjam attack. |
| Vodahost | 2 | Outdated OpenSSH and PHP version. |
| A2 Hosting | 1 | Outdated PHP version. |
| AN Hosting | 1 | Outdated PHP version. |
| BlueFish Web Hosting | 1 | Outdated operating system (all packages). |
| Eleven2 | 1 | Outdated PHP version. |
| Hostgator | 1 | Outdated PHP version. |
| Midphase | 1 | Outdated PHP version. |
| Westhost | 1 | Outdated PHP version. |
Check here for the full list of servers (~100) I scanned.
- 1&1 UK
- 1&1 USA
- A2 Hosting
- AN Hosting
- Apollo Hosting
- Big Commerce
- BlueFish Hosting
- Certified Hosting
- City Network
- Crucial Paradigm
- Digital Ocean
- Hagen Hosting
- Host Excellence
- Host Head
- InMotion Hosting
- IX Web Hosting
- Liquid Web
- Little Oak Hosting
- Media Temple
- Network Solutions
- Web Hosting Hub
- Web Hosting Pad
If you are one of the hosting companies above, contact us once the issues are solved and we will remove you from the list.