Networking

The company responsible for deploying the NBN on Monday said it wants to extend the duration of its wholesale discounts and data inclusions by an additional year.
NBN committed to providing the two-year bundle discount in its 2019 pricing review due to the Australian Competition and Consumer Commission and industry calling for price reductions on entry-level wholesale products.
Published as part of its third pricing review consultation paper, NBN said it wants to extend the two-year Connectivity Virtual Circuit (CVC) discount bundle, from April 2022 to April 2023, as Australians have spent more time at home as a result of COVID-19, with total NBN internet usage having experienced a 32% increase year-on-year.
With this proposal, NBN has put forth two options regarding how it wants to go about extending these discounts. The first option would entail maintaining the bundles discount at the same charge rate of May 2021 while increasing CVC capacity inclusions by between 0.10 Mbps to 0.50 Mbps in May 2022 at no extra cost to retailers.
NBN’s second option, meanwhile, would rejig the CVC charges for the 50Mbps and faster bundles by increasing the access charge by AU$2. In doing so, NBN would provide up to an additional AU$2.80 worth of CVC inclusions over and above the inclusions when compared to the May 2021 levels, which NBN claimed would be a 17-29% discount for the additional CVC inclusions.
In addition, NBN wants to update the pricing of its original wholesale plans of 250/100Mbps, 500/200Mbps, and close to 1000/400Mbps so they are more appropriately priced for small and medium-sized businesses.
According to NBN, residential consumers that previously used these plans have primarily moved to lower-priced plans. As such, NBN has proposed pricing these plans, respectively, at AU$100 for 5.5Mbps of included CVC capacity, AU$160 with 6Mbps of CVC, and AU$230 with 6.75Mbps on the 1000Mbps plan.

NBN will also look to provide an additional 0.25Mbps of CVC inclusion for the 25/5-10 Mbps, 50/20Mbps, and Wireless Plus plans and reduce the entry-level bundle additional charge to AU$0 from May onwards.
In addition, NBN said in the consultation paper that it is exploring various longer-term strategic options to continue to “evolve its wholesale pricing”.
None of these longer-term proposals were released in this latest consultation paper as NBN said it is seeking feedback for these options across two rounds.
These longer-term proposals will be published during the middle of Q2 2021 after it receives the first round of industry feedback from this latest consultation paper, it said.
Over 50 internet retailers and consumer advocacy groups have been invited by NBN to provide feedback on these proposed changes to pricing, with NBN to finalise its decisions from the latest consultation by the end of April.
Last week, NBN reported positive earnings at year-end after a solid first half. For the six months to the end of 2020, NBN reported a 25% increase in revenue to AU$2.26 billion, which it said was thanks to 660,000 premises joining the network and increased demand for higher speed plans.
Related Coverage More

The Australian space and satellite sector has urged for the Australian government to introduce policies and regulations to ensure there is compliance within the industry, without hindering potential growth opportunities.
These calls have been vocalised by the likes of Optus, Nova Systems, and Vocus, with each making submissions as part of a Standing Committee inquiry into developing Australia’s space industry.
Vocus noted in its submission [PDF] that the Australian government should pursue policy and regulatory settings for the space and satellite sector that develop and maintain sovereign capability for both civil and defence space applications, while also incentivising private sector investment and local industry development.
“Government policy settings should be set in such a way as to promote and maximise private investment and develop private industry. Private sector investment is fundamental to enabling competition, building scale, and developing capability which will deliver the best outcomes for consumers, businesses, and government agencies,” Vocus stated.
Similar recommendations [PDF] were made by Optus, which highlighted it was “important that Australia maintains an Australian-based and operated satellite capacity, particularly with regards to national security capabilities”, and urged for the Commonwealth to make it a priority while also ensuring that administrative and regulatory frameworks are “fit-for-purpose and not burdensome on the space and satellite sector”.
For Nova Systems, an Adelaide-based engineering and management services company, it believes introducing regulation would provide “certainty” as the local space sector continues to develop. 
“Australia’s legislation should be supported with tools and resources which enable industry to efficiently meet their legal obligations,” the company wrote in its submission [PDF].

Nova Systems highlighted that regulation is particularly necessary around requirements for launch facility licence and launch permit applications as, in their current state, they “provide minimal guidance on expected content and intent” and could result in “significant differences in expectations between stakeholders” and “significant uncertainty of cost and schedule” for applicants.
Companies that wish to conduct launches in Australia are currently required to apply for these licences under the Space Activities Act 1998. However, the onus remains on the applicant to provide the information required under the Act. Since the establishment of the Australian Space Agency in 2018, there have been 16 applications made for launch facility licences and Australian launch permits, a significant jump from the one launch and one return approved during the period 2001-2014.
Nova Systems suggested a possible way around this could be tailoring the process. 
“Inherently low risk to public safety or the space environment undertaken with small investments need not be subjected to the same process as large commercial endeavours with higher levels of risk. If possible, tailoring of the process could apply to the level of independent assessment industry is required to obtain, the size, detail and type of documentation required and the processing timeframes,” the company said.
Meanwhile, Optus recommended that the amount of documentation required to apply for these licences be reduced to encourage greater commercialisation in the industry.
One of the other key priorities that need to be considered by the committee, according to ViaSat’s submission [PDF], is the role that policies and regulations could play to ensure there is equal access to spectrum.
“The International Telecommunications Union (ITU) created rules 20 years ago that were based on the existence of only 3.5 NGSO (non-geostationary) systems and were based on very different technology than is being employed today. These rules are critically out of date and the associated rules on the national level are not in place to protect against this NGSO interference threat,” it said.
“These … must be strengthened. Otherwise, the operation of NGSOs threatens to unduly constrain the capacity and throughput of the GSO (geostationary) systems that provide critical commercial and Defence capabilities throughout Australia.”
Viasat cautioned that if this was not handled promptly, “Australia may find its ability to implement or authorise satellite systems restricted by the actions of other jurisdictions and administrations, and its ability to control its own natural environment compromised”.
The Commonwealth Scientific and Industrial Research Organisation (CSIRO) also made a submission [PDF] to the committee. It said that for Australia’s space sector to maintain long-term competitiveness, ongoing support is necessary for the space science sector, something which it believes is lacking. CSIRO highlighted, for instance, that the Australian Space Agency does not have a science-specific program but believe it is necessary to drive the long-term success of the sector.
It added that Australia’s space sector could do with more than one space mission. 
“A single space mission is not sufficient to catalyse and sustain such an industry; instead, a long-term pipeline of opportunities is required,” CSIRO recommended.
SmartSat Cooperative Research Centre (CRC) echoed similar remarks, pointing out that government-endorsed national space research is “essential for this discussion” but does not currently exist. The consortium of universities and other research organisations argued that the industry would function more efficiently if there was an agreement on national space research priorities, instead of numerous public-funded programs at national and state levels.
“It must be recognised that funding organisations need to meet their own objectives, however coordinating priorities at the national level also has clear advantages in helping focus the application of resources on areas delivering the greatest national benefit,” SmartSat CRC noted in its submission [PDF].
“Given a number of space research strategies and roadmaps already exist, and more are under development, this is largely a consolidation activity but identifying common interests and priorities may also help identify critical areas worthy of additional funding.”
On the point of developing space satellites, technology, and equipment, SmartSat CRC warned that funding and other necessary support needed to be consistent to avoid a stop-start notion and sporadic funding. It pointed to the Defence shipbuilding coming across an issue where there were long gaps between orders, which led to “dangerous loss of skills and capabilities and impaired international competitiveness”.
Airbus also wants to see a national approach to Australia’s space strategy be developed so that direct lines of departmental responsibility are clearly outlined and cooperation can occur between civil and defence programs.
Alongside this, Airbus wrote in its submission [PDF] that it wants to see an official definition of “sovereignty” be established in order to ensure commercialisation is central to the Australian Space Agency’s mission with strong links to international partners established, among other recommendations.
The company said it is looking to “substantially increase sovereign industrial space and defence capability in Australia”, and believes that this can be achieved through a combination of prime contractors working with SMEs.
In Geoscience Australia’s submission [PDF], it took the opportunity to identify potential barriers of growth that could hurt Australia’s space industry. These included risks to ongoing access to critical satellite data, ability to assure customers of product quality, support for export of space applications, shortage of local skills, and access to space data tailored to local and regional needs.
Taking these potential barriers into consideration, Geoscience Australia said the nation could overcome them by maintaining an open data policy for any satellites Australia supports by using public funds; establishing an ongoing national capability to coordinate and drive the development of a national network of quality assurance facilities for space applications; establishing an ongoing program that supports Australian innovators to tailor products and services developed for local markets to meet the needs of export markets, while also working with international partners; encouraging more individuals to seek a career in STEM; and establishing satellite ground stations in Australia’s Antarctic territory.
The Australian Space Agency, which is responsible for whole-of-government coordination of civil space matters, emphasised in its submission [PDF] the opportunity to grow in Australia’s space sector would have spill-over benefits to other industries, such as agriculture or assisting with bushfires.
“Space 2.0 is an enabler and part of the ‘Fourth Industrial Revolution’ … this rapid transformation of industry and the space sector is one of the many reasons why Australia can harness a greater share of the global space economy,” the agency said.
“There are a growing number of business opportunities and Australian businesses have a range of capabilities that can diversify into the space sector. This means that, unlike traditional systems and structures for involvement in space, government’s role can be one of a partner and facilitator.”
The Standing Committee on Industry, Innovation, Science and Resources adopted the inquiry in November after it was referred to by the Minister for Industry, Science and Technology Karen Andrews to see how the Australian Space Agency could achieve its goal of tripling the size of the sector to AU$12 billion and create an additional 20,000 jobs over the next decade.
Chaired by Liberal MP Barnaby Joyce, the committee will specifically examine the opportunities presented by Australia’s space industry, and what is required to strengthen support for domestic and international space-related activities, including the development of space technology and equipment, commercialisation of research and development, future workforce requirements, and international collaboration.
Deadline for submissions to the committed closed on January 29. 
More Space News from Down Under More

If you’re looking for a web hosting provider, you have a tremendous number of choices. In my Best web hosting providers for 2021, I looked at 15 providers who offer a wide range of plans.
To get a better feel for each individual provider, I set up the most basic account possible and performed a series of tests. In this article, we’re going to dive into HostGator’s offerings. Stay tuned for in-depth looks at other providers in future articles.
HostGator at a glance
HostGator was founded in 2002 by a student at Florida Atlantic University (hence the “gator” in HostGator). Today, HostGator is one of nearly 100 web hosting brands owned by Endurance International Group (EIG).
EIG was in the news in 2018, when the Times of India reported that its former CEO and CFO were charged by the US Securities and Exchange Commission for “overstating the company’s subscriber base.” The company agreed to pay an $8 million penalty without admitting fault.
UPDATE: HostGator reached out to us requesting changes to the Quick Security Checks section of this article. Their comments and our responses are included inline in that section.

Because there’s such variability among plans and offerings among hosting providers, it’s hard to get a good comparison. I’ve found that one of the best ways to see how a provider performs is to look at the least expensive plan they offer. You can expect the least quality, the least attention to detail, and the least performance from such a plan.
If the vendor provides good service for the bottom-shelf plans, you can generally assume the better plans will also benefit from similar quality. In the case of HostGator, there were some bright spots, some annoyances, and some serious security concerns.
For the series of hosting reviews I’m doing now, I’m testing the most basic, most entry-level plan a vendor is offering. In the case of HostGator, that’s what they call their Hatchling plan. To get pricing, I simply went to the company’s main site at HostGator.com. If you want to save some money, though, read to the end of this section.
Like nearly every hosting provider in the business, their offering is somewhat misleading. There is no option to just get billed $2.75 per month. Notice the all-powerful asterisk next to the price.
While it looks like you can get the Hatchling plan for $2.75 per month, that’s only if you prepay for three full years, which means you’re actually paying $105.35. If you want only one year, you’re charging $76.11 to your card (which is $5.95 per month). If you want to buy the service on a month-by-month basis, you’re paying $10.95 per month.
When you hit the Buy Now button, the company pre-populates a one year subscription with optional add-ons for site monitoring and backup, adding $43.94 to the bill (but you can uncheck these options).
There’s a painful gotcha to these “starting at” prices. When you renew, you’re going to pay more. This, too, is not uncommon for hosting plans and is a practice I strongly wish the hosting industry would stop. Instead of paying $105.35 for three years, upon renewal you’ll be paying a whopping $250.20 on a single credit card charge, a price increase that’s more than double the original price.
View Now at HostGator
What the base plan includes
As with most hosting vendors these days, HostGator claims unlimited disk space, unlimited bandwidth, and unlimited email. In practice, these unlimited values are limited in the terms of service. You can’t use your unlimited storage as a giant backup tank where you dump gigabytes of video, for example. They also state, “HostGator expressly reserves the right to review every shared account for excessive usage of CPU, disk space and other resources that may be caused by a violation of this Agreement or the Acceptable Use Policy.”
In other words, don’t abuse the resources you’re buying, and buy the level of plan reasonably commensurate with your expected usage. If you’re about to run a big, national promotion where you expect lots of traffic, you might not want to use the Hatchling plan. If you get too much traffic, HostGator might shut you down or bill you a lot more.

Their terms of service continue, “HostGator may, in our sole discretion, terminate access to the Services, apply additional fees, or remove or delete User Content for those accounts that are found to be in violation of HostGator’s terms and conditions.”
The base-level plan has some compelling features. First, and this is important as we move forward in a quest for a more secure web, is the availability of free SSL for your site. This adds that little lock icon to your browser’s address bar and makes sure traffic between your site and your visitors is encrypted.
The company also offers 24/7/365 support which not only includes ticket and chat but phone support as well. While you’re only able to use one domain, you can use as many subdomains as you wish. The company also provides a coupon for $100 in Google ads and another $100 in Bing ads. While you probably won’t get enough ad hits to cover your cost of hosting, it will help you get your feet wet in the world of Google and Bing advertising.
Dashboard access
The first thing I like to do when looking at a new hosting provider is explore their dashboard. Is it an old friend, like cPanel? Is it some sort of cobbled-together home-grown mess? Or is it a carefully crafted custom dashboard? These are often the ones that worry me the most because they almost always hide restrictions that I’m going to have to work around somehow.
When you first log into HostGator’s dashboard, you’re greeted with their customer portal. Here you can manage your credit card information, get support, and — most important, apparently — buy the upsell options they offer.

This is not the only dashboard you’ll be using. The main dashboard is cPanel, which is common to many, many sites across the Web. While cPanel can be frustrating at times, it’s a very capable interface that lets you manage all aspects of your site.
It took a surprisingly long time for cPanel to launch, almost a full minute. What’s a little more bothersome, though, is the range of additional upsells in the middle of cPanel. cPanel is usually pretty predictable and seeing almost as many ads and upsells as management options were tedious.

Installing WordPress
There are certainly other content management and blogging applications you can use besides WordPress. That said, since 32 percent of the entire Web uses WordPress, it’s a good place to start. WordPress sites can be moved from hosting provider to hosting provider, so there’s no lock-in. And by testing a site built with WordPress, we can get some consistency in our testing between hosting providers.
I went ahead and clicked the Build a New WordPress Site button on the main cPanel page… and got hit with another page of upsell promotions:

At $399, prices were really starting to climb from that tasty little $2.75 offer the company promoted. The promos on this setup page didn’t say what theme they’d be installing. WordPress does come with a nice set of free themes, and most themes are relatively inexpensive. I tried to figure out what the $399 program was for, but as far as I can tell, it’s simply setting up WordPress, which is usually about a five-minute process.
The difference between the $199 and $399 program was the addition of SEO and WordPress site security. To be fair, most WordPress security plugins and add-ons cost about a hundred bucks a year, and there are premium SEO plugins that can cost a similar amount. But without going all the way through the checkout, it wasn’t clear what tools HostGator was providing in return for its almost $400 of upsell.
My advice is to skip these upsells. Simply install WordPress, get to know your site, and then start with a tool like Wordfence or Sucuri to keep your site protected.
Once I entered my user name and domain, I was… wait for it… presented with another upsell:

I went ahead and hit the login button, and… it failed:

I took a quick look at the File Manager and determined that the WordPress install appeared to be in place. So, instead of using HostGator’s login button, I just used the standard WordPress admin URL, which is domain.com/wp-admin. This worked.
I was, however, no longer surprised to find more upsells. In this case, the entire main dashboard page — going well below the scroll of the page — had upsells.

There seems to be a big push for using a number of plugins that are either freemium or affiliate-based. Jetpack is produced by Automattic, the company behind WordPress. It also has an affiliate program.
My guess is that HostGator is pre-installing plugins where they get some affiliate revenue. There’s nothing particularly wrong with that, but plastering these upsells in the middle of configuration screens is getting old.
HostGator also dropped in a plugin for something called Mojo Marketplace. This, too, had pages and pages of upsells, this time for themes.

With all the added plugins, junk, and upsell, it’s no wonder that the site initially failed when I hit the site login button from the HostGator dashboard.
Let me be clear. There is nothing wrong with using lots of plugins on a WordPress site. That’s one of WordPress’s biggest strengths. But filling a site with crapware before it’s even live is nothing but a distraction, can add a considerable amount of confusion to new users, and may cause potential problems in terms of functionality. Plus, it’s just rude.
Quick security checks
Security is one of the biggest issues when it comes to operating a website. You want to make sure your site is safe from hackers, doesn’t flag Google, and can connect securely to payment engines if you’re running an e-commerce site of any kind. You also don’t want to distribute malware to your visitors. That’s bad.
While the scope of this article doesn’t allow for exhaustive security testing, there are a few quick checks that can help indicate whether HostGator’s most inexpensive platform is starting with a secure foundation. Here’s the tl;dr: it’s not. This thing is dangerously insecure.
The first of these quick checks is multifactor authentication. It’s way too easy for hackers to just bang away at a website’s login screen and brute-force a password. One of my sites has been pounded on for weeks by some hacker or another, but because I have some relatively strong protections in place, the bad actor hasn’t been able to get in.
Unfortunately, I have to ding HostGator for what I consider a pretty serious security flaw. When you log into their customer portal, all you need to provide is a username and password. However, if you want to ask support questions and get answers, you do need to set up a support PIN. This is a partial step forward. The problem is that if you’re able to log into the main management account, you can change the email address associated with it, and then have a new support PIN sent out. The bottom line is without a second factor for login authentication, the PIN is essentially worthless.
Secondly, according to the support person I reached out to on chat, HostGator’s cPanel implementation also does not support multi-factor authentication, at least in the lower-end accounts.

Multi-factor authentication should never be an upsell option or provided only for premium accounts. It takes very little effort for a hosting provider to enable it. Not only does it protect the individual customers using the feature, but it also protects all the customers of the hosting provider. That’s because most shared hosting servers share IP addresses. If a spammer or scammer hijacks a shared hosting account and that account is blocked, it’s entirely possible that all the accounts sharing that IP or that IP’s larger block of numbers will be blocked as well.
I strongly recommend that HostGator implement MFA for all accounts immediately, for their benefit as well as that of their customers.
I mentioned earlier that HostGator provides a free SSL certificate. They’re using Let’s Encrypt, a program that provides free, automated SSL certificates. Let’s Encrypt is enabled by default, so once you set up a website, all you need to do is use your https:// in your URL to provide encrypted URLs for your visitors.
As my last quick security check, I like to look at the versions of some of the main system components that run web applications. To make things easy, I chose four components necessary to safe WordPress operation. While other apps may use other components, I’ve found that if components are up-to-date for one set of needs, they’re usually up to date across the board.
Here are my findings derived from the HostGator versions page and a pleasant tech support conversation, as of the day I tested [in July 2019], for HostGator’s Hatchling plan:

Component

Version Provided

Current Version

How Old

PHP

7.4

7.4.14 (8.0 is still a bit new)

reasonably current 

MySQL

5.6.x

8.0.23

8 years / 2904 days (end of support is Feb 21)

cURL

7.19.7

7.75

11.3 years / 4124 days

OpenSSL

 1.0.1e-fips 11

1.0.2t (and 1.1.1)

7.1 years / 2592 days

The cURL library, which is meant for data transfer, particularly of secure information, is vastly and woefully out of date. A quick look at the cURL release table shows there have been thousands of bugs fixed and hundreds of vulnerabilities resolved since the version of cURL being provided by HostGator was released back in 2009. That’s more than a decade old. That would be like walking around today with an iPhone 3GS and running Windows Vista on your PC!
UPDATE: HostGator told us, “cURL does list an older raw version, but RedHat/CentOS backport security patches and we update all servers at least daily. This is standard for RedHat/CentOS and expected behavior.” This is actually a very interesting process. Red Hat does go back to older versions of standard Linux software and port security fixes, as HostGator stated. However, even with security fixes applied, offering a nearly 10-year-old version of cURL will provide website owners with ongoing compatibility challenges, particularly with payment gateways.
The company supports OpenSSL 1.0.1e-fips 11, where the absolutely most current version is 1.1.1. The gotcha is that when OpenSSL went to 1.1, it broke a lot of code. As a result, the OpenSSL project is updating both the 1.0.2 branch and the 1.1 branch. I know, it’s enough to give you a headache. Here, despite all the version number confusion, there’s one fact you need to know: the version of OpenSSL HostGator is supplying is also vastly out of date.
UPDATE: HostGator told us, “OpenSSL also lists an older raw version, but again RedHat backports security patches and we ensure daily updates.” This is the same backporting process Red Hat uses for cURL. It means that while security flaws have been updated, the version and its compatibility is still nearly a decade old.
HostGator is using version 5.6 of MySQL. While MySQL supports many versions, the latest is 8.0. HostGator’s MySQL implementation is eight years old.
UPDATE: HostGator told us, “All HG boxes have MySQL 5.6 or higher. The article reports 5.5, which hasn’t been in place for a long time.” While this was the version shown on HostGator’s own versions page when the article was written, we’re glad to see MySQL has been updated.
What’s worse, each of the versions of these packages are below WordPress’s minimum requirements. 
Because MFA is not available and because many of these versions (even with backported security updates) will cause modern software to fail, we consider HostGator a less than optimal choice for e-commerce or any security-related site.
Performance testing
Next, I wanted to see how the site performed using some online performance testing tools. It’s important not to take these tests too seriously. We’re purposely looking at the most low-end offerings of hosting vendors, so the sites they produce are expected to be relatively slow.
That said, it’s nice to have an idea of what to expect, and that’s what we’re doing here. The way I test is to use the fresh install of WordPress and then test the “Hello, world” page, which is mostly text, with just an image header. That way, we’re able to focus on the responsiveness of a basic page without being too concerned about media overhead.
One note: normally I wouldn’t test a site with all the crapware plugins installed. But since most users who buy these plans probably won’t know how to remove the plugins or which plugins are safe to remove, I tested performance with those plugins installed. I fully expected performance numbers to take a hit from all that added cruft, but I was wrong. The performance wasn’t bad at all.
First, I ran two Pingdom Tools tests, one hitting the site from San Francisco and the second from Germany. Here’s the San Francisco test rating:

And here’s the same site from Germany:

Next, I ran a similar test using the Bitchatcha service:

Finally, I hit the site with Load Impact, which sends 25 virtual users over the course of three minutes to the site and then measures the responsiveness.

The Load Impact test was also somewhat unexpected. At the beginning of the test, some page load times took longer than they should. But as the number of virtual users climbed, responsiveness settled into a nice rhythm.
While lower-end hosting plans often have spotty performance, this was a good showing. Most lower-end plans, including the one we’re testing, share server resources with other customers. So, at times of heavy activity, if one site is seeing heavy usage, the other sites may suffer. I’m testing this site on a Sunday afternoon, which is a relatively slow period in web hosting terms, but even so, the performance for this bottom-end site was unexpectedly reasonable.
Support responsiveness
I only needed to contact support once, through the chat interface. I was connected to someone within about five minutes. It took a few more minutes to establish a support PIN, but then I got my answer quickly.
For a Sunday afternoon, it was a complete, reasonably knowledgeable answer. I’ve certainly experienced far worse support.

Overall conclusion
You never want to get your expectations too high for a bottom-end plan. The economics of running such a super-cheap offering is that the provider has to make it up on volume. Professional and enterprise hosting plans with lots of traffic and performance must, out of necessity, cost more.
The only way to truly know what it’s like to use a service is to run a live website on it for a few years. That said, I was both pleased and disappointed with HostGator’s showing.
I found my interactions with HostGator’s customer portal and cPanel to be sluggish. It often took 30 seconds to a minute for a click to process through to a result.
On the other hand, the performance of the site being hosted by HostGator, the site you’re paying for and want to be highly performant, was quite good.
HostGator’s relatively constant upsell, especially within the configuration and operational aspects of the control panel proved intrusive. The company installed way too many plugins in the default WordPress install, which not only caused the initial login to fail, but might make it far more confusing for new users.
Finally, the company’s lack of support for modern security protocols and login security is deeply disturbing. They’re letting hundreds of thousands of customers launch websites with woefully out-of-date security software. Given that the security libraries are free and open source, there’s just no supportable reason for HostGator to be lax on this most important aspect of Web security.
The company offers a 45-day money-back guarantee, which is reasonable.
The bottom line is this: if you want to set up a simple website as an online brochure, HostGator should be fine. But if you want users to log in to or pay for something through your site, do not use this plan.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

ZDNet Recommends More

If you’re looking for a web hosting provider, you have a tremendous number of choices. In The best web hosting providers for 2021, I looked at 15 providers who offer a wide range of plans.
To get a better feel for each individual provider, I set up the most basic account possible and performed a series of tests. In this article, we’re going to dive into Hostinger’s offerings.
Hostinger at a glance
Because there’s such variability among plans and offerings among hosting providers, it’s hard to get a good comparison. I’ve found that one of the best ways to see how a provider performs is to look at the least expensive plan they offer. You can expect the least quality, the least attention to detail, and the least performance from such a plan.
If the vendor provides good service for the bottom-shelf plans, you can generally assume the better plans will also benefit from similar quality. In the case of Hostinger, the quality was quite reasonable with good value for the price.

For this series of hosting reviews, I’m testing the most basic, most entry-level plan a vendor is offering. In the case of Hostinger, it’s their Single Shared Hosting plan. To get pricing, I simply went to the company’s main site at Hostinger.com.
As with most every hosting provider, Hostinger’s published pricing is somewhat misleading. There is no option to just get billed 80 cents per month.
While it looks like you can get the Single Shared Hosting plan for $0.99 per month, that’s only if you prepay for four full years, which means you’re actually paying $47.52. Now, to be fair, 47 bucks for four years of hosting is a very good deal, but it is confusing. If you want only one year, you’re charging $35.88 to your card (which is $2.99 per month). Still not bad, at least for the first year.
There’s a gotcha though. When you renew, you’re going to pay more. This, too, is not uncommon for hosting plans and is a practice I strongly wish the hosting industry would stop. When you renew your one year plan, you’re going to jump to $5.99/month or $71.88/year. Of course, we have no idea what the pricing will be in four years, but you get the idea. 
While $5.99/mo itself isn’t a bad price for basic hosting, the fact is, your price will jump by more than double what you paid when you signed up. Now, Hostinger does note that they offer promotions for existing users, so your renewal price won’t necessarily increase to the full price. But again, we have no idea what promotions will be in effect in four years.
On the other hand, if you do sign up for the base Hostinger plan, you pay one shot of $47.52 and — assuming you don’t need more capacity — you’ve locked in a solution that you don’t need to worry about for an entire four years.
I focus on these pricing gimmicks in my reviews because it can be really unpleasant to suddenly get a bill that’s hundreds or even thousands of dollars (depending on the plan) more than you expected. Second, switching from one hosting provider to another hosting provider can be a very time-consuming and possibly expensive job, fraught with hassles and potential points of failure.
At least half of the hosting vendors I’ve looked at over the years do these promo deals, with big jumps in renewal fees.
View Now at Hostinger
What the base plan includes
Most bottom-end plans are for one website, and Hostinger is no different.
Before we move into the details, let’s spend a moment talking about what a base plan really is. All websites are not created equal. While you might be able to pay under a buck a month to run your website, I pay about a hundred bucks each month to run my small fleet of sites. 
A base site is designed for a business or individual who wants a basic online presence. That’s a bunch of pages, some product or service shots, and a lot of text. If you want to run complex web applications, or you expect a lot of traffic, a basic site is not for you.

If you’re just trying to get started with an online presence, starting simply is a good way to go. In this series, we’re reviewing the least expensive program each hosting provider offers. That’s going to be what the majority of buyers will want, and it will give us a good insight into the company.
Unlike most hosting vendors these days, Hostinger does not claim unlimited disk space, unlimited bandwidth, and unlimited email, at least for their entry-level plan. The Single Shared Hosting plan comes with 10GB SSD space, up to 100GB bandwidth, and one email account.
They start promoting “unlimited” for their next tier up, Premium, which is $1.99 per month for four years and renews at $4.99 per month.
Be careful, though. In practice, these unlimited values are limited in the terms of service. You can’t use your unlimited storage as a giant backup tank where you dump gigabits of video, for example. They also state, amusingly, that  “All Web Hosting plans, including the unlimited plans, are subject to a limit…” Read their terms of service for the actual limits on their unlimited accounts. In other words, if your site suddenly becomes some sort of viral hit (you lucky thing!), you’re probably going to have to pay more to keep your site running.
There are some wins, most notably that even the basic plan is hosted on SSDs. Even if a site is using caching (which reduces the load on a server), having fast drives is always a plus.
The company does have 24/7/365 live chat support, which — based on my own use of their service — is quite responsive. You are allowed two subdomains. You can park an unlimited number of domain names on the account. FTP over SSL is available, which is important for keeping your site secure while transferring files in and out.
Hostinger offers a 30-day money-back guarantee. It’s not as long as some of their competitors, but it is a fair amount of time for you to get a simple site up and running and see how things work.
Dashboard access
The first thing I like to do when looking at a new hosting provider is exploring their dashboard. Is an old friend, like cPanel? Is it some sort of janky, barely configured open source or homegrown mess? Or is it a carefully crafted custom dashboard? These are often the ones that worry me the most because they almost always hide restrictions that I’m going to have to work around somehow.
When you first log into Hostinger’s dashboard, you’re greeted with a very well-designed getting started screen. You have five clear options:

I like this a lot. With most hosting plans, it’s pretty simple to do a WordPress install using Softaculous, but you need to know enough to find the panel and find the install tool. With Hostinger, it’s just one click of the big yellow box (or purple or green box) and you’re on your way.
Of course, I went with “Skip this” because I wanted to see what would happen. I’m like that.
With that, I was dropped into cPanel, using a clean and modern skin. If you’re comfortable around web hosting, this is an old friend.

While cPanel can be frustrating at times, it’s a very capable interface that lets you manage all aspects of your site. Hostinger seems to have enabled most of cPanel’s main capabilities, so even with a basic account, I didn’t feel restricted.
Installing WordPress
There are certainly other content management and blogging applications you can use besides WordPress. That said, since 32 percent of the entire Web uses WordPress, it’s a good place to start. WordPress sites can be moved from hosting provider to hosting provider, so there’s no lock-in. And by testing a site built with WordPress, we can get some consistency in our testing between hosting providers.
I did expect to see Softaculous as the installer but instead found Auto Installer. cPanel allows hosts to choose from an app catalog of installers, and this is the one Hostinger is using. It gets big points by being fully integrated into the cPanel interface. Since newbies might not know the name Softaculous leads to more apps, it’s actually a clean, simple way to go.

I went ahead and clicked WordPress, answered some basic configuration questions, and after a minor snag (my mistake) that I’ll describe in my discussion of support, was presented with an installed WordPress site:

I like this installer. With many cPanel installers, you have to create your own MariaDB or MySQL database and link it into WordPress. This Auto Installer automatically generated the database and properly linked it into WordPress so all I had to do was hit the WP Admin button and log in.
Overall, adding an app using Hostinger’s cPanel went very smoothly.
Quick security checks
Security is one of the biggest issues when it comes to operating a website. You want to make sure your site is safe from hackers, doesn’t flag Google, and can connect securely to payment engines if you’re running an e-commerce site of any kind.
While the scope of this article doesn’t allow for exhaustive security testing, there are a few quick checks that can help indicate whether Hostinger’s most inexpensive platform is starting with a secure foundation.
The first of these is multifactor authentication (MFA). It’s way too easy for hackers to just bang away at a website’s login screen and brute-force a password. One of my sites has been pounded on for weeks by some hacker or another, but because I have some relatively strong protections in place, the bad actor hasn’t been able to get in.
Unfortunately, I have to ding Hostinger for what I consider to be a pretty serious security flaw. Hostinger does not offer any form of MFA for their dashboard. You, of course, can add a plugin to your WordPress site to put MFA on there, but if the dashboard is open, protecting the site itself is only a weak partial solution.
While Hostinger does not offer SSL with their basic account, you can buy an SSL certificate from them for a one-time fee of $11.95. Activating SSL was quite simple, once the certificate was assigned to the account. All I had to do was click Activate SSL on the dashboard for it to be enabled (and working for my previously-built WordPress site):

As my last quick security check, I like to look at the versions of some of the main system components that run web applications. To make things easy, I chose four components necessary to safe WordPress operation. While other apps may use other components, I’ve found that if components are up-to-date for one set of needs, they’re usually up to date across the board.
Here are my findings (using the Health Check & Troubleshooting plugin), as of the day I tested, for Hostinger’s Single Shared plan:

Component

Version Provided

Current Version

How Old

PHP

7.032

7.2.14

Five months

MySQL/MariaDB

MariaDB 10.2.17

MariaDB 10.3.12

Five months

cURL

7.62.0

7.64.0

Three months

OpenSSL

1.0.2k

1.0.2q (and 1.1.1a)

23 months

In general, these results aren’t bad. You kind of need to know the component to know how to read these results. For example, WordPress prefers PHP 7.2, so even though PHP is only a few months old, it’s due for an upgrade. On the other hand, the cURL library is surprisingly current. A lot of hosting providers are running ancient (and dangerous) versions of cURL, while Hostinger is pretty much up to date.
Also, the company supports OpenSSL 1.0.2k, where the absolutely most current version is 1.1.1a. The gotcha is that when OpenSSL went to 1.1, it broke a lot of code. As a result, the OpenSSL project is updating both the 1.0.2 branch and the 1.1 branch. I know, it’s enough to give you a headache. The bottom line is that Hostinger is pretty much where it should be in terms of the system components they’re offering on their platform.
Performance testing
Next, I wanted to see how the site performed using some online performance testing tools. It’s important not to take these tests too seriously. We’re purposely looking at the most low-end offerings of hosting vendors, so the sites they produce are expected to be relatively slow.
That said, it’s nice to have an idea of what to expect. The way I test is to use the fresh install of WordPress with the standard theme TwentySeventeen. I then performance test the “Hello, world” page, which is mostly text, with just an image header. That way, we’re able to focus on the responsiveness of a basic page without being too concerned about media overhead.
First, I ran two Pingdom Tools tests, one hitting the site from San Francisco and the second from Germany. Here’s the San Francisco test rating:

And here’s the same site from Germany:

Oddly enough, the German test did not include an image capture of the page being tested. I ran it three times just to be sure it wasn’t a glitch. I’m not too concerned, since the test results from Germany are reporting the same page size as the test from America, so I’ll just chalk it up to an anomaly at Pingdom.
Next, I ran a similar test using the Bitchatcha service:

Finally, I hit the site with Load Impact, which sends 25 virtual users over the course of three minutes to the site and then measures the responsiveness.

The Load Impact surprised me a bit. As more users are concurrently hitting the site, you’d expect the responsiveness to become more irregular. In this test, response time began at about 71ms, hovered between that and about 131ms, and ended at 83ms. But there was that spike, which pushed that one request out to 2.57 seconds. Even as requests grew from roughly six requests a second to ten times that, response time stayed generally stable.
This is not normally a characteristic of a lower-cost hosting plan. One of the reasons you pay more for a hosting plan is if your business model can’t sustain a reduction of responsiveness, but as we’ve seen, as the number of users increased, responsiveness stayed pretty steady.
None of the tests showed spectacular performance, and I found the responsiveness of the WordPress dashboard to be sluggish, but I wouldn’t expect more from a low-end plan. As you can see, the different tests reported substantially different results, ranging from a B rating to a D+ rating.
I say this a lot in my reviews, but take advantage of the money-back time period to fully test out results for yourself. You have 30 days with Hostinger. Make sure to use them.

Support responsiveness
During testing, I had four different reasons to reach out and ask for help — most related to the information gathering I was doing for this article. All of my contacts were through the chat interface on the Web site.
I initially had difficulty setting up my account. This is a bit of insider baseball, but hosting vendors set up time-limited accounts for me to do my testing on. The settings for the test account were wrong, and I needed to have it reset.
On the Hostinger site, I reached out and after just four minutes, was greeted by Andrius.  Apparently, it was 2:27am in Lithuania where Andrius was helping me. He helped me reset my account, and I was able to set it up using one of my own domain names, which I pointed to the Hostinger name servers. Making that fix, including my discussion with Andrius, took less than a half-hour.
Next, I wanted to clarify the lack of multifactor authentication, so I reached out again. This time, it was Arnas at 12:25am (it was the middle of a Sunday afternoon here in Oregon). He responded within two minutes and answered my question. He also had a delightful Neil Patrick Harris animated sign-off GIF which made me chuckle out loud.
Finally, I spoke to Gytis twice about a few other service plan questions. He jumped onto the chat in about three minutes and answered my questions.
Although I haven’t exhaustively tested the support service (I tried on a Wednesday and a Sunday afternoon), each time someone responded in four minutes or less.
I thought support was quite good, especially for the very basic plan provided by Hostinger.

Overall conclusion
You never want to get your expectations too high for a bottom-end plan. The economics of running such a super-cheap offering is that the provider has to make it up on volume. Professional and enterprise hosting plans with lots of traffic and performance must, out of necessity, cost more.
The renewal pricing of about a hundred bucks a year after the initial four-year promotion ends is a bit of a shocker. On the other hand, the fact that you can get four years of hosting for less than $35 total is a solid offer for a set-it-and-forget-it solution for low-end or starter sites.
While the company has a major failing in not offering multi-factor authentication for their dashboard, the components used to drive websites are reasonably up-to-date and should offer a solid base for secure site operations. Plus, their dashboard implementation was well done and trouble-free.
Obviously, you should spend your 30 day trial time testing your site out carefully, but for the price, Hostinger is providing compelling value. 
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

ZDNet Recommends More

If you’re looking for a web hosting provider, you have a tremendous number of choices. In The best web hosting providers for 2021, I looked at 15 providers who offer a wide range of plans.
To get a better feel for each individual provider, I set up the most basic account possible and performed a series of tests. In this article, we’re going to dive into Hostinger’s offerings.
Hostinger at a glance
Because there’s such variability among plans and offerings among hosting providers, it’s hard to get a good comparison. I’ve found that one of the best ways to see how a provider performs is to look at the least expensive plan they offer. You can expect the least quality, the least attention to detail, and the least performance from such a plan.
If the vendor provides good service for the bottom-shelf plans, you can generally assume the better plans will also benefit from similar quality. In the case of Hostinger, the quality was quite reasonable with good value for the price.

For this series of hosting reviews, I’m testing the most basic, most entry-level plan a vendor is offering. In the case of Hostinger, it’s their Single Shared Hosting plan. To get pricing, I simply went to the company’s main site at Hostinger.com.
As with most every hosting provider, Hostinger’s published pricing is somewhat misleading. There is no option to just get billed 80 cents per month.
While it looks like you can get the Single Shared Hosting plan for $0.99 per month, that’s only if you prepay for four full years, which means you’re actually paying $47.52. Now, to be fair, 47 bucks for four years of hosting is a very good deal, but it is confusing. If you want only one year, you’re charging $35.88 to your card (which is $2.99 per month). Still not bad, at least for the first year.
There’s a gotcha though. When you renew, you’re going to pay more. This, too, is not uncommon for hosting plans and is a practice I strongly wish the hosting industry would stop. When you renew your one year plan, you’re going to jump to $5.99/month or $71.88/year. Of course, we have no idea what the pricing will be in four years, but you get the idea. 
While $5.99/mo itself isn’t a bad price for basic hosting, the fact is, your price will jump by more than double what you paid when you signed up. Now, Hostinger does note that they offer promotions for existing users, so your renewal price won’t necessarily increase to the full price. But again, we have no idea what promotions will be in effect in four years.
On the other hand, if you do sign up for the base Hostinger plan, you pay one shot of $47.52 and — assuming you don’t need more capacity — you’ve locked in a solution that you don’t need to worry about for an entire four years.
I focus on these pricing gimmicks in my reviews because it can be really unpleasant to suddenly get a bill that’s hundreds or even thousands of dollars (depending on the plan) more than you expected. Second, switching from one hosting provider to another hosting provider can be a very time-consuming and possibly expensive job, fraught with hassles and potential points of failure.
At least half of the hosting vendors I’ve looked at over the years do these promo deals, with big jumps in renewal fees.
View Now at Hostinger
What the base plan includes
Most bottom-end plans are for one website, and Hostinger is no different.
Before we move into the details, let’s spend a moment talking about what a base plan really is. All websites are not created equal. While you might be able to pay under a buck a month to run your website, I pay about a hundred bucks each month to run my small fleet of sites. 
A base site is designed for a business or individual who wants a basic online presence. That’s a bunch of pages, some product or service shots, and a lot of text. If you want to run complex web applications, or you expect a lot of traffic, a basic site is not for you.

If you’re just trying to get started with an online presence, starting simply is a good way to go. In this series, we’re reviewing the least expensive program each hosting provider offers. That’s going to be what the majority of buyers will want, and it will give us a good insight into the company.
Unlike most hosting vendors these days, Hostinger does not claim unlimited disk space, unlimited bandwidth, and unlimited email, at least for their entry-level plan. The Single Shared Hosting plan comes with 10GB SSD space, up to 100GB bandwidth, and one email account.
They start promoting “unlimited” for their next tier up, Premium, which is $1.99 per month for four years and renews at $4.99 per month.
Be careful, though. In practice, these unlimited values are limited in the terms of service. You can’t use your unlimited storage as a giant backup tank where you dump gigabits of video, for example. They also state, amusingly, that  “All Web Hosting plans, including the unlimited plans, are subject to a limit…” Read their terms of service for the actual limits on their unlimited accounts. In other words, if your site suddenly becomes some sort of viral hit (you lucky thing!), you’re probably going to have to pay more to keep your site running.
There are some wins, most notably that even the basic plan is hosted on SSDs. Even if a site is using caching (which reduces the load on a server), having fast drives is always a plus.
The company does have 24/7/365 live chat support, which — based on my own use of their service — is quite responsive. You are allowed two subdomains. You can park an unlimited number of domain names on the account. FTP over SSL is available, which is important for keeping your site secure while transferring files in and out.
Hostinger offers a 30-day money-back guarantee. It’s not as long as some of their competitors, but it is a fair amount of time for you to get a simple site up and running and see how things work.
Dashboard access
The first thing I like to do when looking at a new hosting provider is exploring their dashboard. Is an old friend, like cPanel? Is it some sort of janky, barely configured open source or homegrown mess? Or is it a carefully crafted custom dashboard? These are often the ones that worry me the most because they almost always hide restrictions that I’m going to have to work around somehow.
When you first log into Hostinger’s dashboard, you’re greeted with a very well-designed getting started screen. You have five clear options:

I like this a lot. With most hosting plans, it’s pretty simple to do a WordPress install using Softaculous, but you need to know enough to find the panel and find the install tool. With Hostinger, it’s just one click of the big yellow box (or purple or green box) and you’re on your way.
Of course, I went with “Skip this” because I wanted to see what would happen. I’m like that.
With that, I was dropped into cPanel, using a clean and modern skin. If you’re comfortable around web hosting, this is an old friend.

While cPanel can be frustrating at times, it’s a very capable interface that lets you manage all aspects of your site. Hostinger seems to have enabled most of cPanel’s main capabilities, so even with a basic account, I didn’t feel restricted.
Installing WordPress
There are certainly other content management and blogging applications you can use besides WordPress. That said, since 32 percent of the entire Web uses WordPress, it’s a good place to start. WordPress sites can be moved from hosting provider to hosting provider, so there’s no lock-in. And by testing a site built with WordPress, we can get some consistency in our testing between hosting providers.
I did expect to see Softaculous as the installer but instead found Auto Installer. cPanel allows hosts to choose from an app catalog of installers, and this is the one Hostinger is using. It gets big points by being fully integrated into the cPanel interface. Since newbies might not know the name Softaculous leads to more apps, it’s actually a clean, simple way to go.

I went ahead and clicked WordPress, answered some basic configuration questions, and after a minor snag (my mistake) that I’ll describe in my discussion of support, was presented with an installed WordPress site:

I like this installer. With many cPanel installers, you have to create your own MariaDB or MySQL database and link it into WordPress. This Auto Installer automatically generated the database and properly linked it into WordPress so all I had to do was hit the WP Admin button and log in.
Overall, adding an app using Hostinger’s cPanel went very smoothly.
Quick security checks
Security is one of the biggest issues when it comes to operating a website. You want to make sure your site is safe from hackers, doesn’t flag Google, and can connect securely to payment engines if you’re running an e-commerce site of any kind.
While the scope of this article doesn’t allow for exhaustive security testing, there are a few quick checks that can help indicate whether Hostinger’s most inexpensive platform is starting with a secure foundation.
The first of these is multifactor authentication (MFA). It’s way too easy for hackers to just bang away at a website’s login screen and brute-force a password. One of my sites has been pounded on for weeks by some hacker or another, but because I have some relatively strong protections in place, the bad actor hasn’t been able to get in.
Unfortunately, I have to ding Hostinger for what I consider to be a pretty serious security flaw. Hostinger does not offer any form of MFA for their dashboard. You, of course, can add a plugin to your WordPress site to put MFA on there, but if the dashboard is open, protecting the site itself is only a weak partial solution.
While Hostinger does not offer SSL with their basic account, you can buy an SSL certificate from them for a one-time fee of $11.95. Activating SSL was quite simple, once the certificate was assigned to the account. All I had to do was click Activate SSL on the dashboard for it to be enabled (and working for my previously-built WordPress site):

As my last quick security check, I like to look at the versions of some of the main system components that run web applications. To make things easy, I chose four components necessary to safe WordPress operation. While other apps may use other components, I’ve found that if components are up-to-date for one set of needs, they’re usually up to date across the board.
Here are my findings (using the Health Check & Troubleshooting plugin), as of the day I tested, for Hostinger’s Single Shared plan:

Component

Version Provided

Current Version

How Old

PHP

7.032

7.2.14

Five months

MySQL/MariaDB

MariaDB 10.2.17

MariaDB 10.3.12

Five months

cURL

7.62.0

7.64.0

Three months

OpenSSL

1.0.2k

1.0.2q (and 1.1.1a)

23 months

In general, these results aren’t bad. You kind of need to know the component to know how to read these results. For example, WordPress prefers PHP 7.2, so even though PHP is only a few months old, it’s due for an upgrade. On the other hand, the cURL library is surprisingly current. A lot of hosting providers are running ancient (and dangerous) versions of cURL, while Hostinger is pretty much up to date.
Also, the company supports OpenSSL 1.0.2k, where the absolutely most current version is 1.1.1a. The gotcha is that when OpenSSL went to 1.1, it broke a lot of code. As a result, the OpenSSL project is updating both the 1.0.2 branch and the 1.1 branch. I know, it’s enough to give you a headache. The bottom line is that Hostinger is pretty much where it should be in terms of the system components they’re offering on their platform.
Performance testing
Next, I wanted to see how the site performed using some online performance testing tools. It’s important not to take these tests too seriously. We’re purposely looking at the most low-end offerings of hosting vendors, so the sites they produce are expected to be relatively slow.
That said, it’s nice to have an idea of what to expect. The way I test is to use the fresh install of WordPress with the standard theme TwentySeventeen. I then performance test the “Hello, world” page, which is mostly text, with just an image header. That way, we’re able to focus on the responsiveness of a basic page without being too concerned about media overhead.
First, I ran two Pingdom Tools tests, one hitting the site from San Francisco and the second from Germany. Here’s the San Francisco test rating:

And here’s the same site from Germany:

Oddly enough, the German test did not include an image capture of the page being tested. I ran it three times just to be sure it wasn’t a glitch. I’m not too concerned, since the test results from Germany are reporting the same page size as the test from America, so I’ll just chalk it up to an anomaly at Pingdom.
Next, I ran a similar test using the Bitchatcha service:

Finally, I hit the site with Load Impact, which sends 25 virtual users over the course of three minutes to the site and then measures the responsiveness.

The Load Impact surprised me a bit. As more users are concurrently hitting the site, you’d expect the responsiveness to become more irregular. In this test, response time began at about 71ms, hovered between that and about 131ms, and ended at 83ms. But there was that spike, which pushed that one request out to 2.57 seconds. Even as requests grew from roughly six requests a second to ten times that, response time stayed generally stable.
This is not normally a characteristic of a lower-cost hosting plan. One of the reasons you pay more for a hosting plan is if your business model can’t sustain a reduction of responsiveness, but as we’ve seen, as the number of users increased, responsiveness stayed pretty steady.
None of the tests showed spectacular performance, and I found the responsiveness of the WordPress dashboard to be sluggish, but I wouldn’t expect more from a low-end plan. As you can see, the different tests reported substantially different results, ranging from a B rating to a D+ rating.
I say this a lot in my reviews, but take advantage of the money-back time period to fully test out results for yourself. You have 30 days with Hostinger. Make sure to use them.

Support responsiveness
During testing, I had four different reasons to reach out and ask for help — most related to the information gathering I was doing for this article. All of my contacts were through the chat interface on the Web site.
I initially had difficulty setting up my account. This is a bit of insider baseball, but hosting vendors set up time-limited accounts for me to do my testing on. The settings for the test account were wrong, and I needed to have it reset.
On the Hostinger site, I reached out and after just four minutes, was greeted by Andrius.  Apparently, it was 2:27am in Lithuania where Andrius was helping me. He helped me reset my account, and I was able to set it up using one of my own domain names, which I pointed to the Hostinger name servers. Making that fix, including my discussion with Andrius, took less than a half-hour.
Next, I wanted to clarify the lack of multifactor authentication, so I reached out again. This time, it was Arnas at 12:25am (it was the middle of a Sunday afternoon here in Oregon). He responded within two minutes and answered my question. He also had a delightful Neil Patrick Harris animated sign-off GIF which made me chuckle out loud.
Finally, I spoke to Gytis twice about a few other service plan questions. He jumped onto the chat in about three minutes and answered my questions.
Although I haven’t exhaustively tested the support service (I tried on a Wednesday and a Sunday afternoon), each time someone responded in four minutes or less.
I thought support was quite good, especially for the very basic plan provided by Hostinger.

Overall conclusion
You never want to get your expectations too high for a bottom-end plan. The economics of running such a super-cheap offering is that the provider has to make it up on volume. Professional and enterprise hosting plans with lots of traffic and performance must, out of necessity, cost more.
The renewal pricing of about a hundred bucks a year after the initial four-year promotion ends is a bit of a shocker. On the other hand, the fact that you can get four years of hosting for less than $35 total is a solid offer for a set-it-and-forget-it solution for low-end or starter sites.
While the company has a major failing in not offering multi-factor authentication for their dashboard, the components used to drive websites are reasonably up-to-date and should offer a solid base for secure site operations. Plus, their dashboard implementation was well done and trouble-free.
Obviously, you should spend your 30 day trial time testing your site out carefully, but for the price, Hostinger is providing compelling value. 
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

ZDNet Recommends More

Image: Chris Duckett/ZDNet
The company responsible for the National Broadband Network has said it will be reviewing its generally reliable weekly release of rollout statistics, as it pinned the blame on the recent HFC pause.
“The Weekly Progress Report (Build) is currently being reviewed by NBN Co for any impacts of the global equipment and component shortage on the NBN HFC network. Publishing of the next Weekly Progress Report (Build) will resume as soon as possible,” the company said in an update on its report page.
Curiously, the report does not break down its numbers by technology — only whether a connection is fixed brownfields, fixed greenfields, satellite, or wireless.
In its first half results delivered this week, NBN said it had just shy of 1.9 million HFC customers active on its network at the end of 2020, with 2.5 premises ready to connect.
In total, it has almost 8 million active connections on its network, and 11.9 million able to connect.
Under its current new HFC connection pause, the company has stopped taking order for premises that are yet to connect its network via the cable technology.
Vulnerable customers would continue to be connected, NBN said in a recent notice, and customers moving into a premise already with NBN over HFC would be fine, as would those needing repairs and replacements on existing equipment.

The source of the pause is a lack of chipsets for its HFC network termination devices, which was pinned on the coronavirus pandemic. Last week NBN was notified the supply chain shortages would “continue for several months”.
Shortages are also hitting the likes of AMD.
“We have been monitoring this issue for several months since we first became aware the global shortage of chipsets affecting various industries, including telecommunications. As a result, we have been working closely with our supplier to build up our HFC equipment inventories in our warehouses as much as possible,” NBN chief customer officer Brad Whitcomb said at the time.
“We apologise to new customers that may be affected by this global supply chain issue and the anticipated delays. While this issue only affects a small number of potential customers that we anticipated would connect to NBN via HFC, relative to the large number of customers already on HFC, and indeed the entire NBN network, we appreciate that for those impacted this is frustrating.”
On Tuesday, NBN reported for the six months to the end of 2020, it had seen a 25% increase in revenue to AU$2.26 billion, which it said was thanks to 660,000 premises joining the network and increased demand for higher speed plans. On the EBITDA front, the company reported AU$424 million, a AU$1.1 billion turnaround on the AU$663 million EBITDA loss reported last year.
Related Coverage More

If you’re looking for a web hosting provider, you have a tremendous number of choices. In my Best web hosting providers for 2021, I looked at 15 providers who offer a wide range of plans.
To get a better feel for each individual provider, I set up the most basic account possible and performed a series of tests. In this article, we’re going to dive into HostGator’s offerings. Stay tuned for in-depth looks at other providers in future articles.
HostGator at a glance
HostGator was founded in 2002 by a student at Florida Atlantic University (hence the “gator” in HostGator). Today, HostGator is one of nearly 100 web hosting brands owned by Endurance International Group (EIG).
EIG was in the news in 2018, when the Times of India reported that its former CEO and CFO were charged by the US Securities and Exchange Commission for “overstating the company’s subscriber base.” The company agreed to pay an $8 million penalty without admitting fault.
UPDATE: HostGator reached out to us requesting changes to the Quick Security Checks section of this article. Their comments and our responses are included inline in that section.
How pricing really works
Because there’s such variability among plans and offerings among hosting providers, it’s hard to get a good comparison. I’ve found that one of the best ways to see how a provider performs is to look at the least expensive plan they offer. You can expect the least quality, the least attention to detail, and the least performance from such a plan.
If the vendor provides good service for the bottom-shelf plans, you can generally assume the better plans will also benefit from similar quality. In the case of HostGator, there were some bright spots, some annoyances, and some serious security concerns.

For the series of hosting reviews I’m doing now, I’m testing the most basic, most entry-level plan a vendor is offering. In the case of HostGator, that’s what they call their Hatchling plan. To get pricing, I simply went to the company’s main site at HostGator.com. If you want to save some money, though, read to the end of this section.

Like nearly every hosting provider in the business, their offering is somewhat misleading. There is no option to just get billed $2.75 per month. Notice the all-powerful asterisk next to the price.
While it looks like you can get the Hatchling plan for $2.75 per month, that’s only if you prepay for three full years, which means you’re actually paying $105.35. If you want only one year, you’re charging $76.11 to your card (which is $5.95 per month). If you want to buy the service on a month-by-month basis, you’re paying $10.95 per month.
When you hit the Buy Now button, the company pre-populates a one year subscription with optional add-ons for site monitoring and backup, adding $43.94 to the bill (but you can uncheck these options).
There’s a painful gotcha to these “starting at” prices. When you renew, you’re going to pay more. This, too, is not uncommon for hosting plans and is a practice I strongly wish the hosting industry would stop. Instead of paying $105.35 for three years, upon renewal you’ll be paying a whopping $250.20 on a single credit card charge, a price increase that’s more than double the original price.
Here’s another way to save money. If you come in through the affiliate link in CNET’s hosting providers directory, you get access to slightly lower prices on a per-month basis.

Even though you can get a deal through that affiliate link, when your initial period ends, you’ll still be expected to pay the full renewal price for another three full years.
I harp on high renewal fees in my coverage of hosting vendors for two key reasons. First, it’s a really nasty feeling suddenly getting a bill that’s hundreds or even thousands of dollars (depending on the plan) more than you expect. Second, switching from one hosting provider to another hosting provider can be a very time-consuming and possibly expensive job, fraught with hassles and potential points of failure.
Unfortunately, while not a universal practice, at least half of the hosting vendors I’ve looked at over the years do these promo deals, with big jumps in renewal fees once they have you locked in.
What the base plan includes
As with most hosting vendors these days, HostGator claims unlimited disk space, unlimited bandwidth, and unlimited email. In practice, these unlimited values are limited in the terms of service. You can’t use your unlimited storage as a giant backup tank where you dump gigabytes of video, for example. They also state, “HostGator expressly reserves the right to review every shared account for excessive usage of CPU, disk space and other resources that may be caused by a violation of this Agreement or the Acceptable Use Policy.”
In other words, don’t abuse the resources you’re buying, and buy the level of plan reasonably commensurate with your expected usage. If you’re about to run a big, national promotion where you expect lots of traffic, you might not want to use the Hatchling plan. If you get too much traffic, HostGator might shut you down or bill you a lot more.
Their terms of service continue, “HostGator may, in our sole discretion, terminate access to the Services, apply additional fees, or remove or delete User Content for those accounts that are found to be in violation of HostGator’s terms and conditions.”
The base level plan has some compelling features. First, and this is important as we move forward in a quest for a more secure web, is the availability of free SSL for your site. This adds that little lock icon to your browser’s address bar and makes sure traffic between your site and your visitors is encrypted.
The company also offers 24/7/365 support which not only includes ticket and chat, but phone support as well. While you’re only able to use one domain, you can use as many subdomains as you wish. The company also provides a coupon for $100 in Google ads and another $100 in Bing ads. While you probably won’t get enough ad hits to cover your cost of hosting, it will help you get your feet wet in the world of Google and Bing advertising.
Dashboard access
The first thing I like to do when looking at a new hosting provider is explore their dashboard. Is it an old friend, like cPanel? Is it some sort of cobbled-together home-grown mess? Or is it a carefully crafted custom dashboard? These are often the ones that worry me the most, because they almost always hide restrictions that I’m going to have to work around somehow.
When you first log into HostGator’s dashboard, you’re greeted with their customer portal. Here you can manage your credit card information, get support, and — most important, apparently — buy the upsell options they offer.

This is not the only dashboard you’ll be using. The main dashboard is cPanel, which is common to many, many sites across the Web. While cPanel can be frustrating at times, it’s a very capable interface that lets you manage all aspects of your site.
It took a surprisingly long time for cPanel to launch, almost a full minute. What’s a little more bothersome, though, is the range of additional upsells in the middle of cPanel. cPanel is usually pretty predictable and seeing almost as many ads and upsells as management options was tedious.

Installing WordPress
There are certainly other content management and blogging applications you can use besides WordPress. That said, since 32 percent of the entire Web uses WordPress, it’s a good place to start. WordPress sites can be moved from hosting provider to hosting provider, so there’s no lock-in. And by testing a site built with WordPress, we can get some consistency in our testing between hosting providers.
I went ahead and clicked the Build a New WordPress Site button on the main cPanel page… and got hit with another page of upsell promotions:

At $399, prices were really starting to climb from that tasty little $2.75 offer the company promoted. The promos on this setup page didn’t say what theme they’d be installing. WordPress does come with a nice set of free themes, and most themes are relatively inexpensive. I tried to figure out what the $399 program was for, but as far as I can tell, it’s simply setting up WordPress, which is usually about a five minute process.
The difference between the $199 and $399 program was the addition of SEO and WordPress site security. To be fair, most WordPress security plugins and add-ons cost about a hundred bucks a year, and there are premium SEO plugins that can cost a similar amount. But without going all the way through the checkout, it wasn’t clear what tools HostGator was providing in return for its almost $400 of upsell.
My advice is to skip these upsells. Simply install WordPress, get to know your site, and then start with a tool like Wordfence or Sucuri to keep your site protected.
Once I entered my user name and domain, I was… wait for it… presented with another upsell:

I went ahead and hit the login button, and… it failed:

I took a quick look at the File Manager and determined that the WordPress install appeared to be in place. So, instead of using HostGator’s login button, I just used the standard WordPress admin URL, which is domain.com/wp-admin. This worked.
I was, however, no longer surprised to find more upsells. In this case, the entire main dashboard page — going well below the scroll of the page — had upsells.

There seems to be a big push for using a number of plugins that are either freemium or affiliate-based. Jetpack is produced by Automattic, the company behind WordPress. It also has an affiliate program.
My guess is that HostGator is pre-installing plugins where they get some affiliate revenue. There’s nothing particularly wrong with that, but plastering these upsells in the middle of configuration screens is getting old.
HostGator also dropped in a plugin for something called Mojo Marketplace. This, too, had pages and pages of upsells, this time for themes.

With all the added plugins, junk, and upsell, it’s no wonder that the site initially failed when I hit the site login button from the HostGator dashboard.
Let me be clear. There is nothing wrong with using lots of plugins on a WordPress site. That’s one of WordPress’s biggest strengths. But filling a site with crapware before it’s even live is nothing but a distraction, can add a considerable amount of confusion to new users, and may cause potential problems in terms of functionality. Plus, it’s just rude.
Quick security checks
Security is one of the biggest issues when it comes to operating a website. You want to make sure your site is safe from hackers, doesn’t flag Google, and can connect securely to payment engines if you’re running an ecommerce site of any kind. You also don’t want to distribute malware to your visitors. That’s bad.
While the scope of this article doesn’t allow for exhaustive security testing, there are a few quick checks that can help indicate whether HostGator’s most inexpensive platform is starting with a secure foundation. Here’s the tl;dr: it’s not. This thing is dangerously insecure.
The first of these quick checks is multifactor authentication. It’s way too easy for hackers to just bang away at a website’s login screen and bruteforce a password. One of my sites has been pounded on for weeks by some hacker or another, but because I have some relatively strong protections in place, the bad actor hasn’t been able to get in.
Unfortunately, I have to ding HostGator for what I consider a pretty serious security flaw. When you log into their customer portal, all you need to provide is a username and password. However, if you want to ask support questions and get answers, you do need to set up a support PIN. This is a partial step forward. The problem is that if you’re able to log into the main management account, you can change the email address associated with it, and then have a new support PIN sent out. The bottom line is without a second factor for login authentication, the PIN is essentially worthless.
Secondly, according to the support person I reached out to on chat, HostGator’s cPanel implementation also does not support multi-factor authentication, at least in the lower-end accounts.

Multi-factor authentication should never be an upsell option, or provided only for premium accounts. It takes very little effort for a hosting provider to enable it. Not only does it protect the individual customers using the feature, it also protects all the customers of the hosting provider. That’s because most shared hosting servers share IP addresses. If a spammer or scammer hijacks a shared hosting account and that account is blocked, it’s entirely possible that all the accounts sharing that IP or that IP’s larger block of numbers will be blocked as well.
I strongly recommend that HostGator implement MFA for all accounts immediately, for their benefit as well as that of their customers.
I mentioned earlier that HostGator provides a free SSL certificate. They’re using Let’s Encrypt, a program that provides free, automated SSL certificates. Let’s Encrypt is enabled by default, so once you set up a website, all you need to do is use your https:// in your URL to provide encrypted URLs for your visitors.
As my last quick security check, I like to look at the versions of some of the main system components that run web applications. To make things easy, I chose four components necessary to safe WordPress operation. While other apps may use other components, I’ve found that if components are up-to-date for one set of needs, they’re usually up to date across the board.
Here are my findings derived from the HostGator versions page and a pleasant tech support conversation, as of the day I tested, for HostGator’s Hatchling plan:

Component

Version Provided

Current Version

How Old

PHP

7.4

7.4.14 (8.0 is still a bit new)

reasonably current 

MySQL

5.6.x

8.0.23

8 years / 2904 days (end of support is Feb 21)

cURL

7.19.7

7.75

11.3 years / 4124 days

OpenSSL

 1.0.1e-fips 11

1.0.2t (and 1.1.1)

7.1 years / 2592 days

The cURL library, which is meant for data transfer, particularly of secure information, is vastly and woefully out of date. A quick look at the cURL release table shows there have been thousands of bugs fixed and hundreds of vulnerabilities resolved since the version of cURL being provided by HostGator was released back in 2009. That’s more than a decade old. That would be like walking around today with an iPhone 3GS and running Windows Vista on your PC!
UPDATE: HostGator told us, “cURL does list an older raw version, but RedHat/CentOS backport security patches and we update all servers at least daily. This is standard for RedHat/CentOS and expected behavior.” This is actually a very interesting process. Red Hat does go back to older versions of standard Linux software and port security fixes, as HostGator stated. However, even with security fixes applied, offering a nearly 10 year old version of cURL will provide website owners with ongoing compatibility challenges, particularly with payment gateways.
The company supports OpenSSL 1.0.1e-fips 11, where the absolutely most current version is 1.1.1. The gotcha is that when OpenSSL went to 1.1, it broke a lot of code. As a result, the OpenSSL project is updating both the 1.0.2 branch and the 1.1 branch. I know, it’s enough to give you a headache. Here, despite all the version number confusion, there’s one fact you need to know: the version of OpenSSL HostGator is supplying is also vastly out of date.
UPDATE: HostGator told us, “OpenSSL also lists an older raw version, but again RedHat backports security patches and we ensure daily updates.” This is the same backporting process Red Hat uses for cURL. It means that while security flaws have been updated, the version and its compatibility is still nearly a decade old.
HostGator is using version 5.6 of MySQL. While MySQL supports many versions, the latest is 8.0. HostGator’s MySQL implementation is eight years old.
UPDATE: HostGator told us, “All HG boxes have MySQL 5.6 or higher. The article reports 5.5, which hasn’t been in place for a long time.” While this was the version shown on HostGator’s own versions page when the article was written, we’re glad to see MySQL has been updated.
What’s worse, each of the versions of these packages are below WordPress’s minimum requirements. 
UPDATE: In light of HostGator’s use of backported security updates, we’re going to walk back the following statement. However, because MFA is not available and because many of these versions (even with backported security updates) will cause modern software to fail, we still consider HostGator a less than optimal choice for e-commerce or any security-related site.
Given the vulnerabilities fixed since these versions were released, I have only one recommendation: Do not use HostGator’s Hatchling plan for anything e-commerce or security related. Period. Not only are you likely to run into conflicts with the various payment services who no longer support encryption libraries from the Stone Age, you’re opening yourself and your potential customers to a vast array of known hacking vulnerabilities.
Performance testing
Next, I wanted to see how the site performed using some online performance testing tools. It’s important not to take these tests too seriously. We’re purposely looking at the most low-end offerings of hosting vendors, so the sites they produce are expected to be relatively slow.
That said, it’s nice to have an idea what to expect, and that’s what we’re doing here. The way I test is to use the fresh install of WordPress and then test the “Hello, world” page, which is mostly text, with just an image header. That way, we’re able to focus on the responsiveness of a basic page without being too concerned about media overhead.
One note: normally I wouldn’t test a site with all the crapware plugins installed. But since most users who buy these plans probably won’t know how to remove the plugins or which plugins are safe to remove, I tested performance with those plugins installed. I fully expected performance numbers to take a hit from all that added cruft, but I was wrong. Performance wasn’t bad at all.
First, I ran two Pingdom Tools tests, one hitting the site from San Francisco and the second from Germany. Here’s the San Francisco test rating:

And here’s the same site from Germany:

Next, I ran a similar test using the Bitchatcha service:

Finally, I hit the site with Load Impact, which sends 25 virtual users over the course of three minutes to the site, and then measures the responsiveness.

The Load Impact test was also somewhat unexpected. At the beginning of the test, some page load times took longer than they should. But as the number of virtual users climbed, responsiveness settled into a nice rhythm.
While lower-end hosting plans often have spotty performance, this was a good showing. Most lower-end plans, including the one we’re testing, share server resources with other customers. So, at times of heavy activity, if one site is seeing heavy usage, the other sites may suffer. I’m testing this site on a Sunday afternoon, which is a relatively slow period in web hosting terms, but even so, the performance for this bottom-end site was unexpectedly reasonable.
Support responsiveness
I only needed to contact support once, through the chat interface. I was connected to someone within about five minutes. It took a few more minutes to establish a support PIN, but then I got my answer quickly.
For a Sunday afternoon, it was a complete, reasonably knowledgeable answer. I’ve certainly experienced far worse support.
Overall conclusion
You never want to get your expectations too high for a bottom-end plan. The economics of running such a super-cheap offering is that the provider has to make it up on volume. Professional and enterprise hosting plans with lots of traffic and performance must, out of necessity, cost more.
The only way to truly know what it’s like to use a service is to run a live website on it for a few years. That said, I was both pleased and disappointed with HostGator’s showing.
I found my interactions with HostGator’s customer portal and cPanel to be sluggish. It often took 30 seconds to a minute for a click to process through to a result.
On the other hand, performance of the site being hosted by HostGator, the site you’re paying for and want to be highly performant, was quite good.
HostGator’s relatively constant upsell, especially within the configuration and operational aspects of the control panel, proved intrusive. The company installed way too many plugins in the default WordPress install, which not only caused the initial login to fail, but might make it far more confusing for new users.
Finally, the company’s lack of support for modern security protocols and login security is deeply disturbing. They’re letting hundreds of thousands of customers launch websites with woefully out-of-date security software. Given that the security libraries are free and open source, there’s just no supportable reason for HostGator to be lax on this most important aspect of Web security.
The company offers a 45-day money back guarantee, which is reasonable.
The bottom line is this: if you want to set up a simple website as an online brochure, HostGator should be fine. But if you want users to login to or pay for something through your site, do not use this plan.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV. More

I just ordered Starlink, SpaceX’s Low Earth Orbit (LEO) satellite internet service. For the first time, if you live in Canada, the United States, or the United Kingdom, you can too. Alas, that doesn’t mean I, or you, will get it anytime soon.

But, with its first-come, first-served approach, at least you’ll be on the list. Before this offer arrived, you could apply to be in the Starlink beta test and hope for this best. 
Getting on the Starlink list will cost you a $99 deposit. You can pay for this with a credit card. Sorry, despite what founder Elon Musk has said, paying by Bitcoin isn’t an option yet. 
In return, you’ll get an estimated coverage date of either 2021 or 2022 based on your location.  In my case, I live in Asheville, North Carolina, and I have an estimated service date of late 2021. 
When, and if, I get the service, Starlink will also charge me $499, plus tax, for the Starlink Kit, which will consist of a small satellite dish with installation gear and a Wi-Fi router. The service itself costs $99 a month. In the fine print, you’ll see that the charges for this preorder are fully refundable and — drat it — “placing a deposit does not guarantee service.”
Is it worth it? I’m getting it not because I need it — Charter/Spectrum does well enough for me — but because I cover the Internet Service Providers (ISP) and networking, I need to exactly how it works and how well it works. 
Starlink is really meant for people who can’t get conventional broadband. It’s not meant as a replacement for people who can already get broadband via cable or fiber but rather, it’s for people whose “broadband” choices are otherwise DSL, conventional satellite internet,  or even dial-up modems. If that’s you then you want to check Starlink out.

According to independent third-party tests, such as TestMy.Net, Starlink provides an average download speed of 55.59 Megabits per second (Mbps), with a top speed of 194.44Mbps. Fast compared to gigabit fiber? No. Fast compared to its competitors in the backwoods? Oh yes.
Another plus is that Starlink has a relatively low latency of 20 to 40 milliseconds. Again, a gamer might sneer at that, but compared to the hundreds of milliseconds of old-style satellite internet, it’s an order of magnitude better.
There’s already pent-up demand for Starlink’s internet. SpaceX has applied for an FCC license to roll out five million “UFO on a stick” end-user terminals over its original request for a million terminals. This came after 700,000 US residents signed up to be updated about the service’s availability.  As of January 2021, however, Starlink only has 10,000 beta testers.
Add it all up and I’m hoping, but not expecting, to see a Starlink antenna on my roof this year. There needs to be a lot more Starlink kits produced and Starlink satellites launched to deliver the internet goodies to 5 million users. Still, you can now start making plans for Starlink to be your internet connection sooner rather than later.
Related Stories: More