All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Is hosting WHMCS on shared hosting really that bad?
I have a couple of reseller accounts and x amount of low paying customers who just run some simple wordpress/static stuff etc. I've been manually billing them up until now but would like to consolidate this effort and run whmcs. Managing the packages centrally would be cool too.
That being said, I'm no linux guy and setting up and hardening a centos vps isnt appealing to me nor do I think I'd do a good job. In my mind it makes more sense to me to just use a shared hosting account with a decent host who will have likely done a much better job of setting up their server than I would have. (for example ramnode shared hosting).
Now, I understand the risks to a degree of hosting customer data this way, but as long as the cpanel server is running cagefs and is set up properly, which im sure ramnode and co would have done, are the risks really so much that it's still a no-no?
If the operation ever grew I'd no doubt look at moving whmcs to a KVM or something, but until then, shoud I be OK with shared with a reputable host?
Cheers
Comments
Well the question I guess is how valuable is your data on whmcs? If it were to get hacked and deleted for example.... Could you survive?
The short answer to your question is, no, don't do it, it's a bad idea. But there are sometimes some circumstances that can justify this bad practice.
But if you just want to save a few bucks... That doesn't seem reasonable. And a managed VPS for a whmcs install woukd seem fairly easy and cheap to obtain.
If your customers are cheapos this is not a bad solution - http://www.boxbilling.com
But how would that change his question? He'd still have to choose between shared and vps.
I don't consider this a "bad practice".
If you don't trust your shared provider, find another provider. I would move WHMCS to a VPS if I needed more horsepower, but not automatically because of security. By that rule, every shopping cart app in the world must be put into an isolated VPS.
Also, OP has stated he's not a sysadmin pro. If so, his VPS will likely be less secure than a shared provider's system.
I've looked around at the various competitors (not that one though, thanks) but one feature I'm interested in is affiliate functions and whmcs seems to be the only one to have this covered.
Also, the host I use offers a free starter licence for whmcs so pretty good for me.
Cheers
That's my thinking, but I guess the responsible thing to do, if it's that much of a problem would be to either not do it at all or go managed, but then how do I know if they have done a good job?
which host do you use, if I may ask?
i think whmcs on shared hosting its ok for starter, but should have a good security because its a shared environment, good connection because you won't dissapoint your customer and have good backup option from your host, and also make your own backup (must)
Atleast Blesta ran very smooth on Ramnode Shared
I've been looking for a decent cloud web hosting solution. I don't want to roll my own with a VPS and I don't want shared hosting so something in between would be awesome.
It will be better you spend a little time to learn about Linux and CLI. VPS is better.
Not always.
VPS offers more customization. Is it more powerful? Not necessarily. Is it more reliable? Depends. Is it more secure? Can be.
There are no general answers to these questions, it all depends on the providers and what packages they're offering.
If you are using WHMCS in Shared hosting (like me), don't forget to take backups by email every day. You can set it up in the WHMCS admin area to send an auto backup of your DB to your email every day.
Yes, There is a many points.
VPS or Dedicated server is more powerful, Your competitor can try to take your site down and your business will be disturbed.
>
If the server of the VPS, goes down, your VPS also goes down, if the power or upstrem go down/have issues, your server will also go down/unreachable.
Your point is pointless
Exactly what i was thinking.
Same goes for this unless competitor is to scared of mighty VPS to try taking it down. Or is it just that competitors taking down your VPS is alright for business? All those questions...
I had same expression
Which makes me wonder. Why do we have only one heart? We need two.
Amen to George Lippert
Time Lords have two so why can't we?
You did not understand anything, You just post this for shake of bashing.
I did not said that host your VPS + Shared Server + Backup server on same server.
Lets summarize
>
You don't show the advantages of having a VPS or Dedicated server in this 3 points. Everything you wrote is true for all of them.
Shared, VPS and Dedicated have control panels that are prone to being bruteforced, support teams from the company you bought that can be target of a social engineering attack, all servers can crash and even the electricity or upstream go down.
Really? You did not mention that datacenter can be bombarded
I don't see any point in hosting your billing site on Shared Hosting, Only Summer Host can do this. (Very Unprofessional)
I agree that it's unprofessional, but besides that, it's not "really that bad".
>
You should be more than fine, just ask your hosting provider to reissue the license when you move
I dont think I claimed to not be a Summer Host, gotta start somewhere. I hope to one day be an all season host, but not too much.
Absolutely it is bad!
No, it's perfectly fine.
Just remember one thing. Don't forget to come back here and tell us how it all crumbled down when something does happen.
Can't recall the last time I heard of one user on shared hosting compromising another user. As popular as it is, and with as many people around that claim it so insecure, you'd think one of these days we'd run into it.
But the reality is it's not a profitable angle. So many shared hosting customers make themselves vulnerable that attacking the host is the long path to nearly the same gain. As long as this is true, shared hosting with a reputable provider will be "fine" in actual practice for your whmcs install.
When shared hosting customers are not easily compromised by the millions, based on their own poor installation or maintenance of a CMS, then going after the nodes might make sense. So, then, might abandoning what someone else sees as a gold mine.
I hope to sell my summer host to EIG before then
This might be less of a problem now with increased isolation features, but it used to be a really big problem. Some symlink trickery and you could usually get at any user's data.