I’ve recently ditched GoDaddy for my personal hosting needs, moving my stuff (including this blog) to SiteGround. In this post, I talk about why I moved and the rewards for doing so. Also, I’ll share my initial experiences of using Let’s Encrypt and Cloudflare, which SiteGround has enabled.
When I first bought my domain back in 2008, the internet was a different place and I was pretty clueless when it came to the process of registering a domain and connecting it to hosting. I did what a lot of people do – I bought the whole lot from GoDaddy. I’ve been a customer ever since, even if this is more a reflection of inertia than loyalty.
Out with the old…
Having recently decided to start blogging again, I’ve been giving my site a bit of a “spring clean”. In between updating plugins and clearing out drafts, I noticed that WordPress was warning me about an insecure version of PHP.
Suitably chastised, I immediately logged into my GoDaddy account and set to work. Unfortunately, I soon found that my options were very limited. For my hosting, I was able to choose between PHP version 5.4 or 5.6. The good news is that I was already on version 5.6. The bad news is that active support for 5.6 ended in early 2017 and in January of this year it had reached “end of life” – no more fixes, even for security.
As per the official documentation, even versions 7.0 and 7.1 are now officially at end of life. The version to use now is 7.4.
Now, I’m not too proud to admit that my site was running such an outdated version of PHP. Heck, I’m not over the moon to be confessing my use of PHP at all. (I jest! I jest!) To be honest, though, I had assumed that GoDaddy would update PHP in the same way they update the OS. It didn’t cross my mind that this would be a manual task. I suppose I spend so much time on managed cloud platforms these days that I’d developed a bit of a blind spot. This site is, after all, the only one I run that uses shared hosting.
I spoke to one of GoDaddy’s support agents, who told me that the issue was the age of the hosting package I was using. In other words, I was being punished for being the fact I’d been a customer so long! I was offered a migration to a more modern package – for a fee of $99.
The end result is that my dissatisfaction with GoDaddy rapidly grew to the point where it could overcome 12 years of inertia. I decided to take my business elsewhere.
… and in with the new
After shopping around a bit, reading reviews, and speaking to some friends, I eventually settled on SiteGround for my hosting needs. At the moment they’re doing a COVID-19 promotion: £0.99 for the first three months. Bit of a no-brainer really.
Jumping ahead a bit, but… I’m so pleased with SiteGround that I’ve signed up to be an affiliate. If you are considering signing up, please consider using my link: https://siteground.co.uk/go/tt38p9uy8z (it doesn’t cost you anything)
The things that drew me to SiteGround included:
- Great reputation and reviews
- UK-based hosting
- Mature and professional
- Transparent about their tech
- Lot’s of nice perks (more on these below)
Registration was super easy and they’ve clearly put a lot of thought into the user experience of managing a hosting account. It’s a long way from CPanel! I very quickly managed to configure DNS, a MySQL database, and an FTP user. In other words, getting my basic WordPress site set up took no time at all.
Getting the site set up so quickly meant I could start to explore a couple of the perks: Let’s Encrypt and Cloudflare integrations.
SSL Certificates from Let’s Encrypt
Let’s Encrypt is a provider of 100% free SSL certificates that launched in 2015. This was hugely disruptive, as until then SSL certificates were quite expensive; not super expensive, but certainly expensive enough to dissuade most amateurs and hobbyists.
Not that the impacts of Let’s Encrypt are limited to personal projects. My team at work are now making extensive use of the free certificates. HTTPS is now standard across all environments.
Unfortunately, despite my being very familiar with Let’s Encrypt, the GoDaddy hosting I was using had, for a long time, made it impractical for me to use it for this blog. Beyond simply not providing a one-click integration, my GoDaddy Linux environment was incapable of running the Let’s Encrypt tool, despite my repeated attempts.
Why wouldn’t GoDaddy make this easier? They’re a big company and I’m sure it has plenty of smart employees – surely they could figure it out? Well, I don’t mean to be cynical, but perhaps it has something to do with the amount of money GoDaddy makes from SSL certificates. Right now they want £44.99 for a single website. Their costs on this are basically zero, meaning they are basically printing money.
Anyway, SiteGround isn’t in the gouging business. They have an integration with Let’s Encrypt baked into the account dashboard. It took me seconds to get a completely free certificate for this site. Oh, and it will automatically renew too!
They also have an option to “force HTTPS”, which I think is the user-friendly term for HSTS. Honestly, the hardest part of moving this blog over to HTTPS was finding out which PHP file contained the hardcoded HTTP reference to Google Fonts!
To be entirely frank, I’m including Cloudflare here because it’s so interesting, rather than because I’ve decided it’s essential for my blog. Obviously, since I’ve not been living under a rock, I have a basic understanding of what Cloudflare does. My understanding of their product, however, has been based on an assumption that only massive sites need it.
Seeing Cloudflare as a push-button option in the account dashboard of a hosting account for which I’ve paid £0.99 just seemed, well, a little incongruous. I mean I obviously pushed the button. (Who amongst us wouldn’t?) But I’m yet to be convinced that I need it.
Part of the reason I find this so interesting is that Cloudflare has some pretty advanced features. I know Troy Hunt, for instance, really likes their edge serverless compute offering. Not quite sure how I’d put that to use on my blog, but I’m chuffed it’s an option!
Another intriguing feature is the built-in firewall. At work, we have a site protected by a GoDaddy managed firewall. We paid (not under my watch) north of £150. The free firewall offered by Cloudflare has all the features we care about.
I’m in the early stages of evaluating Cloudflare but am impressed so far. Anecdotally, the vast amount of spam my contact form used to attract has slowed to a trickle. This corresponds with several blocked requests from Tor users trying to access that form. Hardly a scientific test, but encouraging nonetheless.
One thing to note is that Cloudflare supports TLS 1.0 and 1.1 by default. These are now widely considered to be inadequate and insecure. Luckily, I was alerted to the issue by the Qualsys SSL Server Test tool. (This, by the way, is an excellent tool. I’d recommend it to anyone who works with websites.) This blog initially got a B – this is the max score you can get whilst still offering TLS 1.0 and 1.1. To their credit, Cloudflare does provide an option to set the minimum supported version of TLS for your site. Changing it to TLS 1.2 was all it took to boost this site to a grade of A+ – much better!
It’s been a really eye-opening few days for me. Having been sufficiently annoyed to take action, I now can’t believe I held out for so long. GoDaddy and SiteGround are worlds apart. Where the former seems to hold their customers in contempt, the latter are going out of their way to add value.
I’m really pleased to have finally got my blog running on HTTPS and am really excited to give Cloudflare a proper evaluation. Neither would have been impossible with GoDaddy, but the barriers were just high enough to put me off. With SiteGround, I was encouraged and supported to give both a go.
Interestingly, as I was writing this, a story broke about GoDaddy being hacked. Apparently, hackers gained access to a file controlling SSH access and made off with as many as 28,000 sets of credentials. As an SSH user, I presume I’m included in this figure, although haven’t had any notification from GoDaddy.
If you’re looking for a new hosting provider, I can wholeheartedly recommend SiteGround. I feel very confident that readers of this blog will love SiteGround.
If you want to support this blog (and help me cover the whopping £0.99 hosting costs!) you can use my affiliate link. It won’t cost you a penny, but it’ll help me out.
And to those of you still putting up with GoDaddy, I implore you to consider moving elsewhere. It’s really not that much hassle and the rewards are enormous. You can do it!