    HostGator review: Good performance, bad security web hosting

    If you’re looking for a web hosting provider, you have a tremendous number of choices. In my Best web hosting providers for 2021, I looked at 15 providers who offer a wide range of plans.
    To get a better feel for each individual provider, I set up the most basic account possible and performed a series of tests. In this article, we’re going to dive into HostGator’s offerings. Stay tuned for in-depth looks at other providers in future articles.
    HostGator at a glance
    HostGator was founded in 2002 by a student at Florida Atlantic University (hence the “gator” in HostGator). Today, HostGator is one of nearly 100 web hosting brands owned by Endurance International Group (EIG).
    EIG was in the news in 2018, when the Times of India reported that its former CEO and CFO were charged by the US Securities and Exchange Commission for “overstating the company’s subscriber base.” The company agreed to pay an $8 million penalty without admitting fault.
    UPDATE: HostGator reached out to us requesting changes to the Quick Security Checks section of this article. Their comments and our responses are included inline in that section.

    Because there’s such variability among plans and offerings among hosting providers, it’s hard to get a good comparison. I’ve found that one of the best ways to see how a provider performs is to look at the least expensive plan they offer. You can expect the least quality, the least attention to detail, and the least performance from such a plan.
    If the vendor provides good service for the bottom-shelf plans, you can generally assume the better plans will also benefit from similar quality. In the case of HostGator, there were some bright spots, some annoyances, and some serious security concerns.
    For the series of hosting reviews I’m doing now, I’m testing the most basic, most entry-level plan a vendor is offering. In the case of HostGator, that’s what they call their Hatchling plan. To get pricing, I simply went to the company’s main site at HostGator.com. If you want to save some money, though, read to the end of this section.
    Like nearly every hosting provider in the business, their offering is somewhat misleading. There is no option to just get billed $2.75 per month. Notice the all-powerful asterisk next to the price.
    While it looks like you can get the Hatchling plan for $2.75 per month, that’s only if you prepay for three full years, which means you’re actually paying $105.35. If you want only one year, you’re charging $76.11 to your card (which is $5.95 per month). If you want to buy the service on a month-by-month basis, you’re paying $10.95 per month.
    When you hit the Buy Now button, the company pre-populates a one year subscription with optional add-ons for site monitoring and backup, adding $43.94 to the bill (but you can uncheck these options).
    There’s a painful gotcha to these “starting at” prices. When you renew, you’re going to pay more. This, too, is not uncommon for hosting plans and is a practice I strongly wish the hosting industry would stop. Instead of paying $105.35 for three years, upon renewal you’ll be paying a whopping $250.20 on a single credit card charge, a price increase that’s more than double the original price.
    What the base plan includes
    As with most hosting vendors these days, HostGator claims unlimited disk space, unlimited bandwidth, and unlimited email. In practice, these unlimited values are limited in the terms of service. You can’t use your unlimited storage as a giant backup tank where you dump gigabytes of video, for example. They also state, “HostGator expressly reserves the right to review every shared account for excessive usage of CPU, disk space and other resources that may be caused by a violation of this Agreement or the Acceptable Use Policy.”
    In other words, don’t abuse the resources you’re buying, and buy the level of plan reasonably commensurate with your expected usage. If you’re about to run a big, national promotion where you expect lots of traffic, you might not want to use the Hatchling plan. If you get too much traffic, HostGator might shut you down or bill you a lot more.

    Their terms of service continue, “HostGator may, in our sole discretion, terminate access to the Services, apply additional fees, or remove or delete User Content for those accounts that are found to be in violation of HostGator’s terms and conditions.”
    The base-level plan has some compelling features. First, and this is important as we move forward in a quest for a more secure web, is the availability of free SSL for your site. This adds that little lock icon to your browser’s address bar and makes sure traffic between your site and your visitors is encrypted.
    The company also offers 24/7/365 support which not only includes ticket and chat but phone support as well. While you’re only able to use one domain, you can use as many subdomains as you wish. The company also provides a coupon for $100 in Google ads and another $100 in Bing ads. While you probably won’t get enough ad hits to cover your cost of hosting, it will help you get your feet wet in the world of Google and Bing advertising.
    Dashboard access
    The first thing I like to do when looking at a new hosting provider is explore their dashboard. Is it an old friend, like cPanel? Is it some sort of cobbled-together home-grown mess? Or is it a carefully crafted custom dashboard? These are often the ones that worry me the most because they almost always hide restrictions that I’m going to have to work around somehow.
    When you first log into HostGator’s dashboard, you’re greeted with their customer portal. Here you can manage your credit card information, get support, and — most important, apparently — buy the upsell options they offer.

    This is not the only dashboard you’ll be using. The main dashboard is cPanel, which is common to many, many sites across the Web. While cPanel can be frustrating at times, it’s a very capable interface that lets you manage all aspects of your site.
    It took a surprisingly long time for cPanel to launch, almost a full minute. What’s a little more bothersome, though, is the range of additional upsells in the middle of cPanel. cPanel is usually pretty predictable, and seeing almost as many ads and upsells as management options was tedious.

    Installing WordPress
    There are certainly other content management and blogging applications you can use besides WordPress. That said, since 32 percent of the entire Web uses WordPress, it’s a good place to start. WordPress sites can be moved from hosting provider to hosting provider, so there’s no lock-in. And by testing a site built with WordPress, we can get some consistency in our testing between hosting providers.
    I went ahead and clicked the Build a New WordPress Site button on the main cPanel page… and got hit with another page of upsell promotions:

    At $399, prices were really starting to climb from that tasty little $2.75 offer the company promoted. The promos on this setup page didn’t say what theme they’d be installing. WordPress does come with a nice set of free themes, and most themes are relatively inexpensive. I tried to figure out what the $399 program was for, but as far as I can tell, it’s simply setting up WordPress, which is usually about a five-minute process.
    The difference between the $199 and $399 program was the addition of SEO and WordPress site security. To be fair, most WordPress security plugins and add-ons cost about a hundred bucks a year, and there are premium SEO plugins that can cost a similar amount. But without going all the way through the checkout, it wasn’t clear what tools HostGator was providing in return for its almost $400 of upsell.
    My advice is to skip these upsells. Simply install WordPress, get to know your site, and then start with a tool like Wordfence or Sucuri to keep your site protected.
    Once I entered my user name and domain, I was… wait for it… presented with another upsell:

    I went ahead and hit the login button, and… it failed:

    I took a quick look at the File Manager and determined that the WordPress install appeared to be in place. So, instead of using HostGator’s login button, I just used the standard WordPress admin URL, which is domain.com/wp-admin. This worked.
    I was, however, no longer surprised to find more upsells. In this case, the entire main dashboard page — going well below the scroll of the page — had upsells.

    There seems to be a big push for using a number of plugins that are either freemium or affiliate-based. Jetpack is produced by Automattic, the company behind WordPress. It also has an affiliate program.
    My guess is that HostGator is pre-installing plugins where they get some affiliate revenue. There’s nothing particularly wrong with that, but plastering these upsells in the middle of configuration screens is getting old.
    HostGator also dropped in a plugin for something called Mojo Marketplace. This, too, had pages and pages of upsells, this time for themes.

    With all the added plugins, junk, and upsell, it’s no wonder that the site initially failed when I hit the site login button from the HostGator dashboard.
    Let me be clear. There is nothing wrong with using lots of plugins on a WordPress site. That’s one of WordPress’s biggest strengths. But filling a site with crapware before it’s even live is nothing but a distraction, can add a considerable amount of confusion to new users, and may cause potential problems in terms of functionality. Plus, it’s just rude.
    Quick security checks
    Security is one of the biggest issues when it comes to operating a website. You want to make sure your site is safe from hackers, doesn’t flag Google, and can connect securely to payment engines if you’re running an e-commerce site of any kind. You also don’t want to distribute malware to your visitors. That’s bad.
    While the scope of this article doesn’t allow for exhaustive security testing, there are a few quick checks that can help indicate whether HostGator’s most inexpensive platform is starting with a secure foundation. Here’s the tl;dr: it’s not. This thing is dangerously insecure.
    The first of these quick checks is multifactor authentication. It’s way too easy for hackers to just bang away at a website’s login screen and brute-force a password. One of my sites has been pounded on for weeks by some hacker or another, but because I have some relatively strong protections in place, the bad actor hasn’t been able to get in.
    Unfortunately, I have to ding HostGator for what I consider a pretty serious security flaw. When you log into their customer portal, all you need to provide is a username and password. However, if you want to ask support questions and get answers, you do need to set up a support PIN. This is a partial step forward. The problem is that if you’re able to log into the main management account, you can change the email address associated with it, and then have a new support PIN sent out. The bottom line is without a second factor for login authentication, the PIN is essentially worthless.
    Secondly, according to the support person I reached out to on chat, HostGator’s cPanel implementation also does not support multi-factor authentication, at least in the lower-end accounts.

    Multi-factor authentication should never be an upsell option or provided only for premium accounts. It takes very little effort for a hosting provider to enable it. Not only does it protect the individual customers using the feature, but it also protects all the customers of the hosting provider. That’s because most shared hosting servers share IP addresses. If a spammer or scammer hijacks a shared hosting account and that account is blocked, it’s entirely possible that all the accounts sharing that IP or that IP’s larger block of numbers will be blocked as well.
    I strongly recommend that HostGator implement MFA for all accounts immediately, for their benefit as well as that of their customers.
    I mentioned earlier that HostGator provides a free SSL certificate. They’re using Let’s Encrypt, a program that provides free, automated SSL certificates. Let’s Encrypt is enabled by default, so once you set up a website, all you need to do is use https:// in your URL to provide encrypted URLs for your visitors.
    As my last quick security check, I like to look at the versions of some of the main system components that run web applications. To make things easy, I chose four components necessary for safe WordPress operation. While other apps may use other components, I’ve found that if components are up-to-date for one set of needs, they’re usually up to date across the board.
    Here are my findings derived from the HostGator versions page and a pleasant tech support conversation, as of the day I tested [in July 2019], for HostGator’s Hatchling plan:

    | Component | Version Provided | Current Version | How Old |
    |-----------|------------------|-----------------|---------|
    | PHP | 7.4 | 7.4.14 (8.0 is still a bit new) | reasonably current |
    | MySQL | 5.6.x | 8.0.23 | 8 years / 2904 days (end of support is Feb 21) |
    | cURL | 7.19.7 | 7.75 | 11.3 years / 4124 days |
    | OpenSSL | 1.0.1e-fips 11 | 1.0.2t (and 1.1.1) | 7.1 years / 2592 days |

    The cURL library, which is meant for data transfer, particularly of secure information, is vastly and woefully out of date. A quick look at the cURL release table shows there have been thousands of bugs fixed and hundreds of vulnerabilities resolved since the version of cURL being provided by HostGator was released back in 2009. That’s more than a decade old. That would be like walking around today with an iPhone 3GS and running Windows Vista on your PC!
    UPDATE: HostGator told us, “cURL does list an older raw version, but RedHat/CentOS backport security patches and we update all servers at least daily. This is standard for RedHat/CentOS and expected behavior.” This is actually a very interesting process. Red Hat does go back to older versions of standard Linux software and port security fixes, as HostGator stated. However, even with security fixes applied, offering a nearly 10-year-old version of cURL will provide website owners with ongoing compatibility challenges, particularly with payment gateways.
    The company supports OpenSSL 1.0.1e-fips 11, where the absolutely most current version is 1.1.1. The gotcha is that when OpenSSL went to 1.1, it broke a lot of code. As a result, the OpenSSL project is updating both the 1.0.2 branch and the 1.1 branch. I know, it’s enough to give you a headache. Here, despite all the version number confusion, there’s one fact you need to know: the version of OpenSSL HostGator is supplying is also vastly out of date.
    UPDATE: HostGator told us, “OpenSSL also lists an older raw version, but again RedHat backports security patches and we ensure daily updates.” This is the same backporting process Red Hat uses for cURL. It means that while security flaws have been updated, the version and its compatibility are still nearly a decade old.
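    The backporting HostGator describes means the raw version string alone cannot tell a patched distro build from a stale one. As an added example (not from the article or from HostGator), this script splits a package's upstream version from its distro release and counts the CVE fixes named in its RPM changelog; it assumes shell access on an RPM-based host, and the release number 99.el6, the changelog text and the CVE ids are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: tell a backported distro build apart from a stale upstream build.
# Assumption: an RPM-based host (Red Hat/CentOS) with shell access.

# Constructed sample of `rpm -q --changelog curl` output (placeholder CVE ids).
SAMPLE_CHANGELOG='* Tue Mar 03 2020 Example Packager <pkg@example.invalid> - 7.19.7-99
- fix heap overflow in URL parser (CVE-0000-00001)

* Mon Jan 06 2020 Example Packager <pkg@example.invalid> - 7.19.7-98
- reject oversized cookies (CVE-0000-00002)
- fix TLS session reuse (CVE-0000-00003, CVE-0000-00001)

* Fri Nov 13 2009 Example Packager <pkg@example.invalid> - 7.19.7-1
- new upstream release'

# Print the unique CVE ids mentioned in changelog text read from stdin.
backported_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Print the date of the newest changelog entry (rpm lists entries newest-first).
last_patch_date() {
    awk '/^\* /{print $3, $4, $5; exit}'
}

# Summarise one package from its name-version-release string and changelog text:
# the upstream version stays frozen while the release field and changelog move.
report() {
    local nvr=$1 changelog=$2
    local release rest version name count newest
    release=${nvr##*-}        # distro release, e.g. 99.el6
    rest=${nvr%-*}
    version=${rest##*-}       # upstream version, e.g. 7.19.7
    name=${rest%-*}           # package name, may itself contain dashes
    count=$(printf '%s\n' "$changelog" | backported_cves | wc -l | tr -d ' ')
    newest=$(printf '%s\n' "$changelog" | last_patch_date)
    printf '%s upstream=%s release=%s backported_cve_fixes=%s newest_entry="%s"\n' \
        "$name" "$version" "$release" "$count" "$newest"
}

# Demo on the constructed sample, then on live packages when rpm is available.
report "curl-7.19.7-99.el6" "$SAMPLE_CHANGELOG"
if command -v rpm >/dev/null 2>&1; then
    for pkg in curl openssl; do
        rpm -q "$pkg" >/dev/null 2>&1 || continue
        report "$(rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}' "$pkg")" \
               "$(rpm -q --changelog "$pkg")"
    done
fi
```

    A recent newest entry with CVE fixes supports the backporting claim for security, but the unchanged upstream version is still what governs feature and protocol compatibility.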
    HostGator is using version 5.6 of MySQL. While MySQL supports many versions, the latest is 8.0. HostGator’s MySQL implementation is eight years old.
    UPDATE: HostGator told us, “All HG boxes have MySQL 5.6 or higher. The article reports 5.5, which hasn’t been in place for a long time.” While this was the version shown on HostGator’s own versions page when the article was written, we’re glad to see MySQL has been updated.
    What’s worse, each of the versions of these packages is below WordPress’s minimum requirements.
    Because MFA is not available and because many of these versions (even with backported security updates) will cause modern software to fail, we consider HostGator a less than optimal choice for e-commerce or any security-related site.
    Performance testing
    Next, I wanted to see how the site performed using some online performance testing tools. It’s important not to take these tests too seriously. We’re purposely looking at the most low-end offerings of hosting vendors, so the sites they produce are expected to be relatively slow.
    That said, it’s nice to have an idea of what to expect, and that’s what we’re doing here. The way I test is to use the fresh install of WordPress and then test the “Hello, world” page, which is mostly text, with just an image header. That way, we’re able to focus on the responsiveness of a basic page without being too concerned about media overhead.
    One note: normally I wouldn’t test a site with all the crapware plugins installed. But since most users who buy these plans probably won’t know how to remove the plugins or which plugins are safe to remove, I tested performance with those plugins installed. I fully expected performance numbers to take a hit from all that added cruft, but I was wrong. The performance wasn’t bad at all.
    First, I ran two Pingdom Tools tests, one hitting the site from San Francisco and the second from Germany. Here’s the San Francisco test rating:

    And here’s the same site from Germany:

    Next, I ran a similar test using the Bitchatcha service:

    Finally, I hit the site with Load Impact, which sends 25 virtual users over the course of three minutes to the site and then measures the responsiveness.

    The Load Impact test was also somewhat unexpected. At the beginning of the test, some page load times took longer than they should. But as the number of virtual users climbed, responsiveness settled into a nice rhythm.
    While lower-end hosting plans often have spotty performance, this was a good showing. Most lower-end plans, including the one we’re testing, share server resources with other customers. So, at times of heavy activity, if one site is seeing heavy usage, the other sites may suffer. I’m testing this site on a Sunday afternoon, which is a relatively slow period in web hosting terms, but even so, the performance for this bottom-end site was unexpectedly reasonable.
    Support responsiveness
    I only needed to contact support once, through the chat interface. I was connected to someone within about five minutes. It took a few more minutes to establish a support PIN, but then I got my answer quickly.
    For a Sunday afternoon, it was a complete, reasonably knowledgeable answer. I’ve certainly experienced far worse support.

    Overall conclusion
    You never want to get your expectations too high for a bottom-end plan. The economics of running such a super-cheap offering is that the provider has to make it up on volume. Professional and enterprise hosting plans with lots of traffic and performance must, out of necessity, cost more.
    The only way to truly know what it’s like to use a service is to run a live website on it for a few years. That said, I was both pleased and disappointed with HostGator’s showing.
    I found my interactions with HostGator’s customer portal and cPanel to be sluggish. It often took 30 seconds to a minute for a click to process through to a result.
    On the other hand, the performance of the site being hosted by HostGator, the site you’re paying for and want to be highly performant, was quite good.
    HostGator’s relatively constant upsell, especially within the configuration and operational aspects of the control panel, proved intrusive. The company installed way too many plugins in the default WordPress install, which not only caused the initial login to fail, but might make it far more confusing for new users.
    Finally, the company’s lack of support for modern security protocols and login security is deeply disturbing. They’re letting hundreds of thousands of customers launch websites with woefully out-of-date security software. Given that the security libraries are free and open source, there’s just no supportable reason for HostGator to be lax on this most important aspect of Web security.
    The company offers a 45-day money-back guarantee, which is reasonable.
    The bottom line is this: if you want to set up a simple website as an online brochure, HostGator should be fine. But if you want users to log in to or pay for something through your site, do not use this plan.
    You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.


    Hostinger review: Good support, killer price web hosting

    If you’re looking for a web hosting provider, you have a tremendous number of choices. In The best web hosting providers for 2021, I looked at 15 providers who offer a wide range of plans.
    To get a better feel for each individual provider, I set up the most basic account possible and performed a series of tests. In this article, we’re going to dive into Hostinger’s offerings.
    Hostinger at a glance
    Because there’s such variability among plans and offerings among hosting providers, it’s hard to get a good comparison. I’ve found that one of the best ways to see how a provider performs is to look at the least expensive plan they offer. You can expect the least quality, the least attention to detail, and the least performance from such a plan.
    If the vendor provides good service for the bottom-shelf plans, you can generally assume the better plans will also benefit from similar quality. In the case of Hostinger, the quality was quite reasonable with good value for the price.

    For this series of hosting reviews, I’m testing the most basic, most entry-level plan a vendor is offering. In the case of Hostinger, it’s their Single Shared Hosting plan. To get pricing, I simply went to the company’s main site at Hostinger.com.
    As with most every hosting provider, Hostinger’s published pricing is somewhat misleading. There is no option to just get billed 80 cents per month.
    While it looks like you can get the Single Shared Hosting plan for $0.99 per month, that’s only if you prepay for four full years, which means you’re actually paying $47.52. Now, to be fair, 47 bucks for four years of hosting is a very good deal, but it is confusing. If you want only one year, you’re charging $35.88 to your card (which is $2.99 per month). Still not bad, at least for the first year.
    There’s a gotcha though. When you renew, you’re going to pay more. This, too, is not uncommon for hosting plans and is a practice I strongly wish the hosting industry would stop. When you renew your one year plan, you’re going to jump to $5.99/month or $71.88/year. Of course, we have no idea what the pricing will be in four years, but you get the idea. 
    While $5.99/mo itself isn’t a bad price for basic hosting, the fact is, your price will jump by more than double what you paid when you signed up. Now, Hostinger does note that they offer promotions for existing users, so your renewal price won’t necessarily increase to the full price. But again, we have no idea what promotions will be in effect in four years.
    On the other hand, if you do sign up for the base Hostinger plan, you pay one shot of $47.52 and — assuming you don’t need more capacity — you’ve locked in a solution that you don’t need to worry about for an entire four years.
    I focus on these pricing gimmicks in my reviews because it can be really unpleasant to suddenly get a bill that’s hundreds or even thousands of dollars (depending on the plan) more than you expected. Second, switching from one hosting provider to another hosting provider can be a very time-consuming and possibly expensive job, fraught with hassles and potential points of failure.
    At least half of the hosting vendors I’ve looked at over the years do these promo deals, with big jumps in renewal fees.
    What the base plan includes
    Most bottom-end plans are for one website, and Hostinger is no different.
    Before we move into the details, let’s spend a moment talking about what a base plan really is. All websites are not created equal. While you might be able to pay under a buck a month to run your website, I pay about a hundred bucks each month to run my small fleet of sites. 
    A base site is designed for a business or individual who wants a basic online presence. That’s a bunch of pages, some product or service shots, and a lot of text. If you want to run complex web applications, or you expect a lot of traffic, a basic site is not for you.

    If you’re just trying to get started with an online presence, starting simply is a good way to go. In this series, we’re reviewing the least expensive program each hosting provider offers. That’s going to be what the majority of buyers will want, and it will give us a good insight into the company.
    Unlike most hosting vendors these days, Hostinger does not claim unlimited disk space, unlimited bandwidth, and unlimited email, at least for their entry-level plan. The Single Shared Hosting plan comes with 10GB SSD space, up to 100GB bandwidth, and one email account.
    They start promoting “unlimited” for their next tier up, Premium, which is $1.99 per month for four years and renews at $4.99 per month.
    Be careful, though. In practice, these unlimited values are limited in the terms of service. You can’t use your unlimited storage as a giant backup tank where you dump gigabits of video, for example. They also state, amusingly, that “All Web Hosting plans, including the unlimited plans, are subject to a limit…” Read their terms of service for the actual limits on their unlimited accounts. In other words, if your site suddenly becomes some sort of viral hit (you lucky thing!), you’re probably going to have to pay more to keep your site running.
    There are some wins, most notably that even the basic plan is hosted on SSDs. Even if a site is using caching (which reduces the load on a server), having fast drives is always a plus.
    The company does have 24/7/365 live chat support, which — based on my own use of their service — is quite responsive. You are allowed two subdomains. You can park an unlimited number of domain names on the account. FTP over SSL is available, which is important for keeping your site secure while transferring files in and out.
    Hostinger offers a 30-day money-back guarantee. It’s not as long as some of their competitors, but it is a fair amount of time for you to get a simple site up and running and see how things work.
    Dashboard access
    The first thing I like to do when looking at a new hosting provider is explore their dashboard. Is it an old friend, like cPanel? Is it some sort of janky, barely configured open source or homegrown mess? Or is it a carefully crafted custom dashboard? These are often the ones that worry me the most because they almost always hide restrictions that I’m going to have to work around somehow.
    When you first log into Hostinger’s dashboard, you’re greeted with a very well-designed getting started screen. You have five clear options:

    I like this a lot. With most hosting plans, it’s pretty simple to do a WordPress install using Softaculous, but you need to know enough to find the panel and find the install tool. With Hostinger, it’s just one click of the big yellow box (or purple or green box) and you’re on your way.
    Of course, I went with “Skip this” because I wanted to see what would happen. I’m like that.
    With that, I was dropped into cPanel, using a clean and modern skin. If you’re comfortable around web hosting, this is an old friend.

    While cPanel can be frustrating at times, it’s a very capable interface that lets you manage all aspects of your site. Hostinger seems to have enabled most of cPanel’s main capabilities, so even with a basic account, I didn’t feel restricted.
    Installing WordPress
    There are certainly other content management and blogging applications you can use besides WordPress. That said, since 32 percent of the entire Web uses WordPress, it’s a good place to start. WordPress sites can be moved from hosting provider to hosting provider, so there’s no lock-in. And by testing a site built with WordPress, we can get some consistency in our testing between hosting providers.
    I did expect to see Softaculous as the installer but instead found Auto Installer. cPanel allows hosts to choose from an app catalog of installers, and this is the one Hostinger is using. It gets big points by being fully integrated into the cPanel interface. Since newbies might not know the name Softaculous leads to more apps, it’s actually a clean, simple way to go.

    I went ahead and clicked WordPress, answered some basic configuration questions, and after a minor snag (my mistake) that I’ll describe in my discussion of support, was presented with an installed WordPress site:

    I like this installer. With many cPanel installers, you have to create your own MariaDB or MySQL database and link it into WordPress. This Auto Installer automatically generated the database and properly linked it into WordPress so all I had to do was hit the WP Admin button and log in.
    Overall, adding an app using Hostinger’s cPanel went very smoothly.
    Quick security checks
    Security is one of the biggest issues when it comes to operating a website. You want to make sure your site is safe from hackers, doesn’t flag Google, and can connect securely to payment engines if you’re running an e-commerce site of any kind.
    While the scope of this article doesn’t allow for exhaustive security testing, there are a few quick checks that can help indicate whether Hostinger’s most inexpensive platform is starting with a secure foundation.
    The first of these is multifactor authentication (MFA). It’s way too easy for hackers to just bang away at a website’s login screen and brute-force a password. One of my sites has been pounded on for weeks by some hacker or another, but because I have some relatively strong protections in place, the bad actor hasn’t been able to get in.
    Unfortunately, I have to ding Hostinger for what I consider to be a pretty serious security flaw. Hostinger does not offer any form of MFA for their dashboard. You, of course, can add a plugin to your WordPress site to put MFA on there, but if the dashboard is open, protecting the site itself is only a weak partial solution.
    While Hostinger does not offer SSL with their basic account, you can buy an SSL certificate from them for a one-time fee of $11.95. Activating SSL was quite simple, once the certificate was assigned to the account. All I had to do was click Activate SSL on the dashboard for it to be enabled (and working for my previously-built WordPress site):

    As my last quick security check, I like to look at the versions of some of the main system components that run web applications. To make things easy, I chose four components necessary for safe WordPress operation. While other apps may use other components, I’ve found that if components are up-to-date for one set of needs, they’re usually up to date across the board.
    Here are my findings (using the Health Check & Troubleshooting plugin), as of the day I tested, for Hostinger’s Single Shared plan:

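    | Component | Version Provided | Current Version | How Old |
    |-----------|------------------|-----------------|---------|
    | PHP | 7.032 | 7.2.14 | Five months |
    | MySQL/MariaDB | MariaDB 10.2.17 | MariaDB 10.3.12 | Five months |
    | cURL | 7.62.0 | 7.64.0 | Three months |
    | OpenSSL | 1.0.2k | 1.0.2q (and 1.1.1a) | 23 months |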

    In general, these results aren’t bad. You kind of need to know the component to know how to read these results. For example, WordPress prefers PHP 7.2, so even though PHP is only a few months old, it’s due for an upgrade. On the other hand, the cURL library is surprisingly current. A lot of hosting providers are running ancient (and dangerous) versions of cURL, while Hostinger is pretty much up to date.
    Also, the company supports OpenSSL 1.0.2k, where the absolutely most current version is 1.1.1a. The gotcha is that when OpenSSL went to 1.1, it broke a lot of code. As a result, the OpenSSL project is updating both the 1.0.2 branch and the 1.1 branch. I know, it’s enough to give you a headache. The bottom line is that Hostinger is pretty much where it should be in terms of the system components they’re offering on their platform.
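    The branch-aware reading described above can be done mechanically. The Python below is an added example, not part of the original review or of any plugin it mentions: it takes the OpenSSL, cURL and MariaDB rows from the table and compares each installed version with the newest release on its own branch when one is listed. The function names and the per-component branch depth (three numeric fields for OpenSSL, two for MariaDB, one for cURL) are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# Digits and dots, then an optional OpenSSL-style letter suffix ("1.0.2k").
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)([a-z]*)$")


def parse_version(text):
    """Split '1.0.2k' into ((1, 0, 2), 'k'); '7.62.0' gets an empty suffix."""
    match = _VERSION_RE.match(text.strip().lower())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, match.group(2)


def sort_key(text):
    """Ordering key: numeric fields first, then the letter suffix.

    Suffix length is compared before the letters so that 'za' sorts after 'z'.
    """
    numbers, suffix = parse_version(text)
    return numbers, len(suffix), suffix


def branch(text, depth):
    """The first `depth` numeric fields identify the release branch."""
    numbers, _ = parse_version(text)
    return numbers[:depth]


@dataclass
class Finding:
    component: str
    installed: str
    compared_to: str
    status: str  # "current", "behind-in-branch" or "older-branch"


def assess(component, installed, current_releases, depth):
    """Compare against the newest listed release on the installed branch.

    If no listed release shares the branch, fall back to the newest release
    overall and report that the install sits on an older branch.
    """
    same_branch = [r for r in current_releases
                   if branch(r, depth) == branch(installed, depth)]
    if same_branch:
        target = max(same_branch, key=sort_key)
        behind = sort_key(installed) < sort_key(target)
        status = "behind-in-branch" if behind else "current"
    else:
        target = max(current_releases, key=sort_key)
        behind = sort_key(installed) < sort_key(target)
        status = "older-branch" if behind else "current"
    return Finding(component, installed, target, status)


# Rows taken from the table in the article; the last field (branch depth)
# is an assumption added for this example.
TABLE = [
    ("OpenSSL", "1.0.2k", ["1.0.2q", "1.1.1a"], 3),
    ("cURL", "7.62.0", ["7.64.0"], 1),
    ("MariaDB", "10.2.17", ["10.3.12"], 2),
]


def audit(rows=TABLE):
    return [assess(*row) for row in rows]


if __name__ == "__main__":
    for finding in audit():
        print(f"{finding.component:8} {finding.installed:8} "
              f"vs {finding.compared_to:8} -> {finding.status}")
```

    Parsing the fields numerically matters: compared as plain strings, "7.9.0" would sort above "7.62.0".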
    Performance testing
    Next, I wanted to see how the site performed using some online performance testing tools. It’s important not to take these tests too seriously. We’re purposely looking at the most low-end offerings of hosting vendors, so the sites they produce are expected to be relatively slow.
    That said, it’s nice to have an idea of what to expect. The way I test is to use the fresh install of WordPress with the standard theme TwentySeventeen. I then performance test the “Hello, world” page, which is mostly text, with just an image header. That way, we’re able to focus on the responsiveness of a basic page without being too concerned about media overhead.
    First, I ran two Pingdom Tools tests, one hitting the site from San Francisco and the second from Germany. Here’s the San Francisco test rating:

    And here’s the same site from Germany:

    Oddly enough, the German test did not include an image capture of the page being tested. I ran it three times just to be sure it wasn’t a glitch. I’m not too concerned, since the test results from Germany are reporting the same page size as the test from America, so I’ll just chalk it up to an anomaly at Pingdom.
    Next, I ran a similar test using the Bitcatcha service:

    Finally, I hit the site with Load Impact, which sends 25 virtual users over the course of three minutes to the site and then measures the responsiveness.

    The Load Impact test surprised me a bit. As more users are concurrently hitting the site, you’d expect the responsiveness to become more irregular. In this test, response time began at about 71ms, hovered between that and about 131ms, and ended at 83ms. But there was that spike, which pushed that one request out to 2.57 seconds. Even as requests grew from roughly six requests a second to ten times that, response time stayed generally stable.
    This is not normally a characteristic of a lower-cost hosting plan. One of the reasons you pay more for a hosting plan is if your business model can’t sustain a reduction of responsiveness, but as we’ve seen, as the number of users increased, responsiveness stayed pretty steady.
    None of the tests showed spectacular performance, and I found the responsiveness of the WordPress dashboard to be sluggish, but I wouldn’t expect more from a low-end plan. As you can see, the different tests reported substantially different results, ranging from a B rating to a D+ rating.
    I say this a lot in my reviews, but take advantage of the money-back time period to fully test out results for yourself. You have 30 days with Hostinger. Make sure to use them.

    Support responsiveness
    During testing, I had four different reasons to reach out and ask for help — most related to the information gathering I was doing for this article. All of my contacts were through the chat interface on the Web site.
    I initially had difficulty setting up my account. This is a bit of insider baseball, but hosting vendors set up time-limited accounts for me to do my testing on. The settings for the test account were wrong, and I needed to have it reset.
    On the Hostinger site, I reached out and after just four minutes, was greeted by Andrius. Apparently, it was 2:27am in Lithuania where Andrius was helping me. He helped me reset my account, and I was able to set it up using one of my own domain names, which I pointed to the Hostinger name servers. Making that fix, including my discussion with Andrius, took less than a half-hour.
    Next, I wanted to clarify the lack of multifactor authentication, so I reached out again. This time, it was Arnas at 12:25am (it was the middle of a Sunday afternoon here in Oregon). He responded within two minutes and answered my question. He also had a delightful Neil Patrick Harris animated sign-off GIF which made me chuckle out loud.
    Finally, I spoke to Gytis twice about a few other service plan questions. He jumped onto the chat in about three minutes and answered my questions.
    Although I haven’t exhaustively tested the support service (I tried on a Wednesday and a Sunday afternoon), each time someone responded in four minutes or less.
    I thought support was quite good, especially for the very basic plan provided by Hostinger.

    Overall conclusion
    You never want to get your expectations too high for a bottom-end plan. The economics of running such a super-cheap offering is that the provider has to make it up on volume. Professional and enterprise hosting plans with lots of traffic and performance must, out of necessity, cost more.
    The renewal pricing of about a hundred bucks a year after the initial four-year promotion ends is a bit of a shocker. On the other hand, the fact that you can get four years of hosting for less than $35 total is a solid offer for a set-it-and-forget-it solution for low-end or starter sites.
    While the company has a major failing in not offering multi-factor authentication for their dashboard, the components used to drive websites are reasonably up-to-date and should offer a solid base for secure site operations. Plus, their dashboard implementation was well done and trouble-free.
    Obviously, you should spend your 30-day trial time testing your site out carefully, but for the price, Hostinger is providing compelling value.
    You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.


  • in

    Hostinger web hosting review: Good support and a killer entry-level price

    If you’re looking for a web hosting provider, you have a tremendous number of choices. In The best web hosting providers for 2021, I looked at 15 providers who offer a wide range of plans.
    To get a better feel for each individual provider, I set up the most basic account possible and performed a series of tests. In this article, we’re going to dive into Hostinger’s offerings.
    Hostinger at a glance
    Because there’s such variability among plans and offerings among hosting providers, it’s hard to get a good comparison. I’ve found that one of the best ways to see how a provider performs is to look at the least expensive plan they offer. You can expect the least quality, the least attention to detail, and the least performance from such a plan.
    If the vendor provides good service for the bottom-shelf plans, you can generally assume the better plans will also benefit from similar quality. In the case of Hostinger, the quality was quite reasonable with good value for the price.

    For this series of hosting reviews, I’m testing the most basic, most entry-level plan a vendor is offering. In the case of Hostinger, it’s their Single Shared Hosting plan. To get pricing, I simply went to the company’s main site at Hostinger.com.
    As with most every hosting provider, Hostinger’s published pricing is somewhat misleading. There is no option to just get billed 80 cents per month.
    While it looks like you can get the Single Shared Hosting plan for $0.99 per month, that’s only if you prepay for four full years, which means you’re actually paying $47.52. Now, to be fair, 47 bucks for four years of hosting is a very good deal, but it is confusing. If you want only one year, you’re charging $35.88 to your card (which is $2.99 per month). Still not bad, at least for the first year.
    There’s a gotcha though. When you renew, you’re going to pay more. This, too, is not uncommon for hosting plans and is a practice I strongly wish the hosting industry would stop. When you renew your one-year plan, you’re going to jump to $5.99/month or $71.88/year. Of course, we have no idea what the pricing will be in four years, but you get the idea.
    While $5.99/mo itself isn’t a bad price for basic hosting, the fact is, your price will jump by more than double what you paid when you signed up. Now, Hostinger does note that they offer promotions for existing users, so your renewal price won’t necessarily increase to the full price. But again, we have no idea what promotions will be in effect in four years.
    On the other hand, if you do sign up for the base Hostinger plan, you pay one shot of $47.52 and — assuming you don’t need more capacity — you’ve locked in a solution that you don’t need to worry about for an entire four years.
    I focus on these pricing gimmicks in my reviews because it can be really unpleasant to suddenly get a bill that’s hundreds or even thousands of dollars (depending on the plan) more than you expected. Second, switching from one hosting provider to another hosting provider can be a very time-consuming and possibly expensive job, fraught with hassles and potential points of failure.
    At least half of the hosting vendors I’ve looked at over the years do these promo deals, with big jumps in renewal fees.
    What the base plan includes
    Most bottom-end plans are for one website, and Hostinger is no different.
    Before we move into the details, let’s spend a moment talking about what a base plan really is. All websites are not created equal. While you might be able to pay under a buck a month to run your website, I pay about a hundred bucks each month to run my small fleet of sites. 
    A base site is designed for a business or individual who wants a basic online presence. That’s a bunch of pages, some product or service shots, and a lot of text. If you want to run complex web applications, or you expect a lot of traffic, a basic site is not for you.

    If you’re just trying to get started with an online presence, starting simply is a good way to go. In this series, we’re reviewing the least expensive program each hosting provider offers. That’s going to be what the majority of buyers will want, and it will give us a good insight into the company.
    Unlike most hosting vendors these days, Hostinger does not claim unlimited disk space, unlimited bandwidth, and unlimited email, at least for their entry-level plan. The Single Shared Hosting plan comes with 10GB SSD space, up to 100GB bandwidth, and one email account.
    They start promoting “unlimited” for their next tier up, Premium, which is $1.99 per month for four years and renews at $4.99 per month.
    Be careful, though. In practice, these unlimited values are limited in the terms of service. You can’t use your unlimited storage as a giant backup tank where you dump gigabits of video, for example. They also state, amusingly, that “All Web Hosting plans, including the unlimited plans, are subject to a limit…” Read their terms of service for the actual limits on their unlimited accounts. In other words, if your site suddenly becomes some sort of viral hit (you lucky thing!), you’re probably going to have to pay more to keep your site running.
    There are some wins, most notably that even the basic plan is hosted on SSDs. Even if a site is using caching (which reduces the load on a server), having fast drives is always a plus.
    The company does have 24/7/365 live chat support, which — based on my own use of their service — is quite responsive. You are allowed two subdomains. You can park an unlimited number of domain names on the account. FTP over SSL is available, which is important for keeping your site secure while transferring files in and out.
    Hostinger offers a 30-day money-back guarantee. It’s not as long as some of their competitors, but it is a fair amount of time for you to get a simple site up and running and see how things work.
    Dashboard access
    The first thing I like to do when looking at a new hosting provider is exploring their dashboard. Is it an old friend, like cPanel? Is it some sort of janky, barely configured open source or homegrown mess? Or is it a carefully crafted custom dashboard? These are often the ones that worry me the most because they almost always hide restrictions that I’m going to have to work around somehow.
    When you first log into Hostinger’s dashboard, you’re greeted with a very well-designed getting started screen. You have five clear options:

    I like this a lot. With most hosting plans, it’s pretty simple to do a WordPress install using Softaculous, but you need to know enough to find the panel and find the install tool. With Hostinger, it’s just one click of the big yellow box (or purple or green box) and you’re on your way.
    Of course, I went with “Skip this” because I wanted to see what would happen. I’m like that.
    With that, I was dropped into cPanel, using a clean and modern skin. If you’re comfortable around web hosting, this is an old friend.

    While cPanel can be frustrating at times, it’s a very capable interface that lets you manage all aspects of your site. Hostinger seems to have enabled most of cPanel’s main capabilities, so even with a basic account, I didn’t feel restricted.
    Installing WordPress
    There are certainly other content management and blogging applications you can use besides WordPress. That said, since 32 percent of the entire Web uses WordPress, it’s a good place to start. WordPress sites can be moved from hosting provider to hosting provider, so there’s no lock-in. And by testing a site built with WordPress, we can get some consistency in our testing between hosting providers.
    I did expect to see Softaculous as the installer but instead found Auto Installer. cPanel allows hosts to choose from an app catalog of installers, and this is the one Hostinger is using. It gets big points by being fully integrated into the cPanel interface. Since newbies might not know the name Softaculous leads to more apps, it’s actually a clean, simple way to go.

    I went ahead and clicked WordPress, answered some basic configuration questions, and after a minor snag (my mistake) that I’ll describe in my discussion of support, was presented with an installed WordPress site:

    I like this installer. With many cPanel installers, you have to create your own MariaDB or MySQL database and link it into WordPress. This Auto Installer automatically generated the database and properly linked it into WordPress so all I had to do was hit the WP Admin button and log in.
    Overall, adding an app using Hostinger’s cPanel went very smoothly.
    Quick security checks
    Security is one of the biggest issues when it comes to operating a website. You want to make sure your site is safe from hackers, doesn’t flag Google, and can connect securely to payment engines if you’re running an e-commerce site of any kind.
    While the scope of this article doesn’t allow for exhaustive security testing, there are a few quick checks that can help indicate whether Hostinger’s most inexpensive platform is starting with a secure foundation.

  • in

    NBN pauses weekly numbers due to new HFC connection stop

    Image: Chris Duckett/ZDNet
    The company responsible for the National Broadband Network has said it will be reviewing its generally reliable weekly release of rollout statistics, as it pinned the blame on the recent HFC pause.
    “The Weekly Progress Report (Build) is currently being reviewed by NBN Co for any impacts of the global equipment and component shortage on the NBN HFC network. Publishing of the next Weekly Progress Report (Build) will resume as soon as possible,” the company said in an update on its report page.
    Curiously, the report does not break down its numbers by technology — only whether a connection is fixed brownfields, fixed greenfields, satellite, or wireless.
    In its first half results delivered this week, NBN said it had just shy of 1.9 million HFC customers active on its network at the end of 2020, with 2.5 premises ready to connect.
    In total, it has almost 8 million active connections on its network, and 11.9 million able to connect.
    Under its current new HFC connection pause, the company has stopped taking orders for premises that are yet to connect to its network via the cable technology.
    Vulnerable customers would continue to be connected, NBN said in a recent notice, and customers moving into premises already with NBN over HFC would be fine, as would those needing repairs and replacements on existing equipment.

    The source of the pause is a lack of chipsets for its HFC network termination devices, which was pinned on the coronavirus pandemic. Last week NBN was notified the supply chain shortages would “continue for several months”.
    Shortages are also hitting the likes of AMD.
    “We have been monitoring this issue for several months since we first became aware the global shortage of chipsets affecting various industries, including telecommunications. As a result, we have been working closely with our supplier to build up our HFC equipment inventories in our warehouses as much as possible,” NBN chief customer officer Brad Whitcomb said at the time.
    “We apologise to new customers that may be affected by this global supply chain issue and the anticipated delays. While this issue only affects a small number of potential customers that we anticipated would connect to NBN via HFC, relative to the large number of customers already on HFC, and indeed the entire NBN network, we appreciate that for those impacted this is frustrating.”
    On Tuesday, NBN reported that for the six months to the end of 2020, it had seen a 25% increase in revenue to AU$2.26 billion, which it said was thanks to 660,000 premises joining the network and increased demand for higher speed plans. On the EBITDA front, the company reported AU$424 million, an AU$1.1 billion turnaround on the AU$663 million EBITDA loss reported last year.

  • in

    HostGator web hosting review: Good performance, bad security, upsells everywhere

    If you’re looking for a web hosting provider, you have a tremendous number of choices. In my Best web hosting providers for 2021, I looked at 15 providers who offer a wide range of plans.
    To get a better feel for each individual provider, I set up the most basic account possible and performed a series of tests. In this article, we’re going to dive into HostGator’s offerings. Stay tuned for in-depth looks at other providers in future articles.
    HostGator at a glance
    HostGator was founded in 2002 by a student at Florida Atlantic University (hence the “gator” in HostGator). Today, HostGator is one of nearly 100 web hosting brands owned by Endurance International Group (EIG).
    EIG was in the news in 2018, when the Times of India reported that its former CEO and CFO were charged by the US Securities and Exchange Commission for “overstating the company’s subscriber base.” The company agreed to pay an $8 million penalty without admitting fault.
    UPDATE: HostGator reached out to us requesting changes to the Quick Security Checks section of this article. Their comments and our responses are included inline in that section.
    How pricing really works
    Because there’s such variability among plans and offerings among hosting providers, it’s hard to get a good comparison. I’ve found that one of the best ways to see how a provider performs is to look at the least expensive plan they offer. You can expect the least quality, the least attention to detail, and the least performance from such a plan.
    If the vendor provides good service for the bottom-shelf plans, you can generally assume the better plans will also benefit from similar quality. In the case of HostGator, there were some bright spots, some annoyances, and some serious security concerns.

    For the series of hosting reviews I’m doing now, I’m testing the most basic, most entry-level plan a vendor is offering. In the case of HostGator, that’s what they call their Hatchling plan. To get pricing, I simply went to the company’s main site at HostGator.com. If you want to save some money, though, read to the end of this section.

    Like nearly every hosting provider in the business, their offering is somewhat misleading. There is no option to just get billed $2.75 per month. Notice the all-powerful asterisk next to the price.
    While it looks like you can get the Hatchling plan for $2.75 per month, that’s only if you prepay for three full years, which means you’re actually paying $105.35. If you want only one year, you’re charging $76.11 to your card (which is $5.95 per month). If you want to buy the service on a month-by-month basis, you’re paying $10.95 per month.
    When you hit the Buy Now button, the company pre-populates a one-year subscription with optional add-ons for site monitoring and backup, adding $43.94 to the bill (but you can uncheck these options).
    There’s a painful gotcha to these “starting at” prices. When you renew, you’re going to pay more. This, too, is not uncommon for hosting plans and is a practice I strongly wish the hosting industry would stop. Instead of paying $105.35 for three years, upon renewal you’ll be paying a whopping $250.20 on a single credit card charge, a price increase that’s more than double the original price.
    Here’s another way to save money. If you come in through the affiliate link in CNET’s hosting providers directory, you get access to slightly lower prices on a per-month basis.

    Even though you can get a deal through that affiliate link, when your initial period ends, you’ll still be expected to pay the full renewal price for another three full years.
    I harp on high renewal fees in my coverage of hosting vendors for two key reasons. First, it’s a really nasty feeling suddenly getting a bill that’s hundreds or even thousands of dollars (depending on the plan) more than you expect. Second, switching from one hosting provider to another hosting provider can be a very time-consuming and possibly expensive job, fraught with hassles and potential points of failure.
    Unfortunately, while not a universal practice, at least half of the hosting vendors I’ve looked at over the years do these promo deals, with big jumps in renewal fees once they have you locked in.
    What the base plan includes
    As with most hosting vendors these days, HostGator claims unlimited disk space, unlimited bandwidth, and unlimited email. In practice, these unlimited values are limited in the terms of service. You can’t use your unlimited storage as a giant backup tank where you dump gigabytes of video, for example. They also state, “HostGator expressly reserves the right to review every shared account for excessive usage of CPU, disk space and other resources that may be caused by a violation of this Agreement or the Acceptable Use Policy.”
    In other words, don’t abuse the resources you’re buying, and buy the level of plan reasonably commensurate with your expected usage. If you’re about to run a big, national promotion where you expect lots of traffic, you might not want to use the Hatchling plan. If you get too much traffic, HostGator might shut you down or bill you a lot more.
    Their terms of service continue, “HostGator may, in our sole discretion, terminate access to the Services, apply additional fees, or remove or delete User Content for those accounts that are found to be in violation of HostGator’s terms and conditions.”
    The base level plan has some compelling features. First, and this is important as we move forward in a quest for a more secure web, is the availability of free SSL for your site. This adds that little lock icon to your browser’s address bar and makes sure traffic between your site and your visitors is encrypted.
    The company also offers 24/7/365 support which not only includes ticket and chat, but phone support as well. While you’re only able to use one domain, you can use as many subdomains as you wish. The company also provides a coupon for $100 in Google ads and another $100 in Bing ads. While you probably won’t get enough ad hits to cover your cost of hosting, it will help you get your feet wet in the world of Google and Bing advertising.
    Dashboard access
    The first thing I like to do when looking at a new hosting provider is explore their dashboard. Is it an old friend, like cPanel? Is it some sort of cobbled-together home-grown mess? Or is it a carefully crafted custom dashboard? These are often the ones that worry me the most, because they almost always hide restrictions that I’m going to have to work around somehow.
    When you first log into HostGator’s dashboard, you’re greeted with their customer portal. Here you can manage your credit card information, get support, and — most important, apparently — buy the upsell options they offer.

    This is not the only dashboard you’ll be using. The main dashboard is cPanel, which is common to many, many sites across the Web. While cPanel can be frustrating at times, it’s a very capable interface that lets you manage all aspects of your site.
    It took a surprisingly long time for cPanel to launch, almost a full minute. What’s a little more bothersome, though, is the range of additional upsells in the middle of cPanel. cPanel is usually pretty predictable and seeing almost as many ads and upsells as management options was tedious.

    Installing WordPress
    There are certainly other content management and blogging applications you can use besides WordPress. That said, since 32 percent of the entire Web uses WordPress, it’s a good place to start. WordPress sites can be moved from hosting provider to hosting provider, so there’s no lock-in. And by testing a site built with WordPress, we can get some consistency in our testing between hosting providers.
    I went ahead and clicked the Build a New WordPress Site button on the main cPanel page… and got hit with another page of upsell promotions:

    At $399, prices were really starting to climb from that tasty little $2.75 offer the company promoted. The promos on this setup page didn’t say what theme they’d be installing. WordPress does come with a nice set of free themes, and most themes are relatively inexpensive. I tried to figure out what the $399 program was for, but as far as I can tell, it’s simply setting up WordPress, which is usually about a five minute process.
    The difference between the $199 and $399 program was the addition of SEO and WordPress site security. To be fair, most WordPress security plugins and add-ons cost about a hundred bucks a year, and there are premium SEO plugins that can cost a similar amount. But without going all the way through the checkout, it wasn’t clear what tools HostGator was providing in return for its almost $400 of upsell.
    My advice is to skip these upsells. Simply install WordPress, get to know your site, and then start with a tool like Wordfence or Sucuri to keep your site protected.
    Once I entered my user name and domain, I was… wait for it… presented with another upsell:

    I went ahead and hit the login button, and… it failed:

    I took a quick look at the File Manager and determined that the WordPress install appeared to be in place. So, instead of using HostGator’s login button, I just used the standard WordPress admin URL, which is domain.com/wp-admin. This worked.
    I was, however, no longer surprised to find more upsells. In this case, the entire main dashboard page — going well below the scroll of the page — had upsells.

    There seems to be a big push for using a number of plugins that are either freemium or affiliate-based. Jetpack is produced by Automattic, the company behind WordPress. It also has an affiliate program.
    My guess is that HostGator is pre-installing plugins where they get some affiliate revenue. There’s nothing particularly wrong with that, but plastering these upsells in the middle of configuration screens is getting old.
    HostGator also dropped in a plugin for something called Mojo Marketplace. This, too, had pages and pages of upsells, this time for themes.

    With all the added plugins, junk, and upsell, it’s no wonder that the site initially failed when I hit the site login button from the HostGator dashboard.
    Let me be clear. There is nothing wrong with using lots of plugins on a WordPress site. That’s one of WordPress’s biggest strengths. But filling a site with crapware before it’s even live is nothing but a distraction, can add a considerable amount of confusion to new users, and may cause potential problems in terms of functionality. Plus, it’s just rude.
    Quick security checks
    Security is one of the biggest issues when it comes to operating a website. You want to make sure your site is safe from hackers, doesn’t flag Google, and can connect securely to payment engines if you’re running an ecommerce site of any kind. You also don’t want to distribute malware to your visitors. That’s bad.
    While the scope of this article doesn’t allow for exhaustive security testing, there are a few quick checks that can help indicate whether HostGator’s most inexpensive platform is starting with a secure foundation. Here’s the tl;dr: it’s not. This thing is dangerously insecure.
    The first of these quick checks is multifactor authentication. It’s way too easy for hackers to just bang away at a website’s login screen and brute-force a password. One of my sites has been pounded on for weeks by some hacker or another, but because I have some relatively strong protections in place, the bad actor hasn’t been able to get in.
    Unfortunately, I have to ding HostGator for what I consider a pretty serious security flaw. When you log into their customer portal, all you need to provide is a username and password. However, if you want to ask support questions and get answers, you do need to set up a support PIN. This is a partial step forward. The problem is that if you’re able to log into the main management account, you can change the email address associated with it, and then have a new support PIN sent out. The bottom line is without a second factor for login authentication, the PIN is essentially worthless.
    Secondly, according to the support person I reached out to on chat, HostGator’s cPanel implementation also does not support multi-factor authentication, at least in the lower-end accounts.

    Multi-factor authentication should never be an upsell option, or provided only for premium accounts. It takes very little effort for a hosting provider to enable it. Not only does it protect the individual customers using the feature, it also protects all the customers of the hosting provider. That’s because most shared hosting servers share IP addresses. If a spammer or scammer hijacks a shared hosting account and that account is blocked, it’s entirely possible that all the accounts sharing that IP or that IP’s larger block of numbers will be blocked as well.
    I strongly recommend that HostGator implement MFA for all accounts immediately, for their benefit as well as that of their customers.
    I mentioned earlier that HostGator provides a free SSL certificate. They’re using Let’s Encrypt, a program that provides free, automated SSL certificates. Let’s Encrypt is enabled by default, so once you set up a website, all you need to do is use https:// in your URL to give your visitors encrypted connections.
    As my last quick security check, I like to look at the versions of some of the main system components that run web applications. To make things easy, I chose four components necessary to safe WordPress operation. While other apps may use other components, I’ve found that if components are up-to-date for one set of needs, they’re usually up to date across the board.
    Here are my findings derived from the HostGator versions page and a pleasant tech support conversation, as of the day I tested, for HostGator’s Hatchling plan:

    | Component | Version Provided | Current Version | How Old |
    |-----------|------------------|-----------------|---------|
    | PHP | 7.4 | 7.4.14 (8.0 is still a bit new) | reasonably current |
    | MySQL | 5.6.x | 8.0.23 | 8 years / 2904 days (end of support is Feb 21) |
    | cURL | 7.19.7 | 7.75 | 11.3 years / 4124 days |
    | OpenSSL | 1.0.1e-fips 11 | 1.0.2t (and 1.1.1) | 7.1 years / 2592 days |

    The cURL library, which is meant for data transfer, particularly of secure information, is vastly and woefully out of date. A quick look at the cURL release table shows there have been thousands of bugs fixed and hundreds of vulnerabilities resolved since the version of cURL being provided by HostGator was released back in 2009. That’s more than a decade old. That would be like walking around today with an iPhone 3GS and running Windows Vista on your PC!
    UPDATE: HostGator told us, “cURL does list an older raw version, but RedHat/CentOS backport security patches and we update all servers at least daily. This is standard for RedHat/CentOS and expected behavior.” This is actually a very interesting process. Red Hat does go back to older versions of standard Linux software and port security fixes, as HostGator stated. However, even with security fixes applied, offering a nearly 10-year-old version of cURL will provide website owners with ongoing compatibility challenges, particularly with payment gateways.
    The company supports OpenSSL 1.0.1e-fips 11, where the absolutely most current version is 1.1.1. The gotcha is that when OpenSSL went to 1.1, it broke a lot of code. As a result, the OpenSSL project is updating both the 1.0.2 branch and the 1.1 branch. I know, it’s enough to give you a headache. Here, despite all the version number confusion, there’s one fact you need to know: the version of OpenSSL HostGator is supplying is also vastly out of date.
    UPDATE: HostGator told us, “OpenSSL also lists an older raw version, but again RedHat backports security patches and we ensure daily updates.” This is the same backporting process Red Hat uses for cURL. It means that while security flaws have been updated, the version and its compatibility are still nearly a decade old.
    HostGator is using version 5.6 of MySQL. While MySQL supports many versions, the latest is 8.0. HostGator’s MySQL implementation is eight years old.
    UPDATE: HostGator told us, “All HG boxes have MySQL 5.6 or higher. The article reports 5.5, which hasn’t been in place for a long time.” While this was the version shown on HostGator’s own versions page when the article was written, we’re glad to see MySQL has been updated.
    What’s worse, each of the versions of these packages is below WordPress’s minimum requirements.
    UPDATE: In light of HostGator’s use of backported security updates, we’re going to walk back the following statement. However, because MFA is not available and because many of these versions (even with backported security updates) will cause modern software to fail, we still consider HostGator a less than optimal choice for e-commerce or any security-related site.
    Given the vulnerabilities fixed since these versions were released, I have only one recommendation: Do not use HostGator’s Hatchling plan for anything e-commerce or security related. Period. Not only are you likely to run into conflicts with the various payment services who no longer support encryption libraries from the Stone Age, you’re opening yourself and your potential customers to a vast array of known hacking vulnerabilities.
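The backporting point in HostGator's reply can be checked from the package changelog instead of the raw version string. The following is an added example, not code from the article or from HostGator: it parses text in the format printed by `rpm -q --changelog <package>` and reports the frozen upstream version next to the fixes backported into later builds. The sample changelog, its build numbers, dates and the `CVE-0000-*` identifiers are constructed placeholders.

```python
"""Summarise `rpm -q --changelog <package>` output: frozen upstream version
versus security fixes backported into later builds of that same version."""
import re
import sys
from datetime import date

# Constructed sample in rpm changelog format. Build numbers, dates, packager
# and the CVE-0000-* identifiers are placeholders, not real advisories.
SAMPLE_CHANGELOG = """\
* Tue Mar 10 2020 Example Packager <pkg@example.com> - 7.19.7-54
- fix heap overflow in URL parser (CVE-0000-0003)
- fix TLS session reuse across hosts (CVE-0000-0004)

* Mon Jun 05 2017 Example Packager <pkg@example.com> - 7.19.7-53
- honour the configured cipher list (#0000001)

* Wed Jan 14 2015 Example Packager <pkg@example.com> - 7.19.7-46
- reject CRLF sequences in proxied URLs (CVE-0000-0002)

* Thu Nov 12 2009 Example Packager <pkg@example.com> - 7.19.7-1
- new upstream release
"""

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
# "* Tue Mar 10 2020 Packager <mail> - 7.19.7-54" (the " - " is optional)
HEADER = re.compile(
    r"^\*\s+\w{3}\s+(\w{3})\s+(\d{1,2})\s+(\d{4})\s+.*?\s+(?:-\s+)?(\d\S*)$")
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")


def upstream_of(evr):
    """'1:7.19.7-54' -> '7.19.7' (drop the epoch and the distro build number)."""
    version = evr.split(":")[-1]
    return version.rpartition("-")[0] or version


def parse_changelog(text):
    """Return one dict per changelog entry: date, build (EVR) and CVE ids."""
    entries = []
    for line in text.splitlines():
        match = HEADER.match(line.rstrip())
        if match and match.group(1) in MONTHS:
            month, day, year, evr = match.groups()
            entries.append({"date": date(int(year), MONTHS[month], int(day)),
                            "evr": evr, "cves": []})
        elif entries:
            entries[-1]["cves"].extend(CVE_ID.findall(line))
    return entries


def assess(text, must_have=()):
    """Separate feature level (upstream version) from patch level (backports)."""
    entries = sorted(parse_changelog(text), key=lambda e: e["date"])
    if not entries:
        raise ValueError("no changelog entries recognised")
    newest = entries[-1]
    upstream = upstream_of(newest["evr"])
    # Earliest packaged build of this upstream version: an approximation of
    # when the feature set (protocols, ciphers, options) stopped moving.
    frozen = min(e["date"] for e in entries if upstream_of(e["evr"]) == upstream)
    backported = {}
    for entry in entries:
        for cve in entry["cves"]:
            backported.setdefault(cve, entry["evr"])  # first build with the fix
    return {
        "upstream_version": upstream,
        "installed_build": newest["evr"],
        "feature_freeze": frozen,
        "last_patched": newest["date"],
        "backported": backported,
        "missing": sorted(set(must_have) - set(backported)),
    }


if __name__ == "__main__":
    # Pipe real output in (rpm -q --changelog curl | python3 this_file.py),
    # or run with no input to see the constructed sample.
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    text = piped if piped.strip() else SAMPLE_CHANGELOG
    report = assess(text, must_have=sys.argv[1:])
    for key, value in report.items():
        print(f"{key}: {value}")
```

An identifier under `backported` means that fix is in the installed build; `upstream_version` and `feature_freeze` are what determine compatibility with services that expect newer library features.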
    Performance testing
    Next, I wanted to see how the site performed using some online performance testing tools. It’s important not to take these tests too seriously. We’re purposely looking at the most low-end offerings of hosting vendors, so the sites they produce are expected to be relatively slow.
    That said, it’s nice to have an idea what to expect, and that’s what we’re doing here. The way I test is to use the fresh install of WordPress and then test the “Hello, world” page, which is mostly text, with just an image header. That way, we’re able to focus on the responsiveness of a basic page without being too concerned about media overhead.
    One note: normally I wouldn’t test a site with all the crapware plugins installed. But since most users who buy these plans probably won’t know how to remove the plugins or which plugins are safe to remove, I tested performance with those plugins installed. I fully expected performance numbers to take a hit from all that added cruft, but I was wrong. Performance wasn’t bad at all.
    First, I ran two Pingdom Tools tests, one hitting the site from San Francisco and the second from Germany. Here’s the San Francisco test rating:

    And here’s the same site from Germany:

    Next, I ran a similar test using the Bitchatcha service:

    Finally, I hit the site with Load Impact, which sends 25 virtual users over the course of three minutes to the site, and then measures the responsiveness.

    The Load Impact test was also somewhat unexpected. At the beginning of the test, some page load times took longer than they should. But as the number of virtual users climbed, responsiveness settled into a nice rhythm.
    While lower-end hosting plans often have spotty performance, this was a good showing. Most lower-end plans, including the one we’re testing, share server resources with other customers. So, at times of heavy activity, if one site is seeing heavy usage, the other sites may suffer. I’m testing this site on a Sunday afternoon, which is a relatively slow period in web hosting terms, but even so, the performance for this bottom-end site was unexpectedly reasonable.
    Support responsiveness
    I only needed to contact support once, through the chat interface. I was connected to someone within about five minutes. It took a few more minutes to establish a support PIN, but then I got my answer quickly.
    For a Sunday afternoon, it was a complete, reasonably knowledgeable answer. I’ve certainly experienced far worse support.
    Overall conclusion
    You never want to get your expectations too high for a bottom-end plan. The economics of running such a super-cheap offering is that the provider has to make it up on volume. Professional and enterprise hosting plans with lots of traffic and performance must, out of necessity, cost more.
    The only way to truly know what it’s like to use a service is to run a live website on it for a few years. That said, I was both pleased and disappointed with HostGator’s showing.
    I found my interactions with HostGator’s customer portal and cPanel to be sluggish. It often took 30 seconds to a minute for a click to process through to a result.
    On the other hand, performance of the site being hosted by HostGator, the site you’re paying for and want to be highly performant, was quite good.
    HostGator’s relatively constant upsell, especially within the configuration and operational aspects of the control panel, proved intrusive. The company installed way too many plugins in the default WordPress install, which not only caused the initial login to fail, but might make it far more confusing for new users.
    Finally, the company’s lack of support for modern security protocols and login security is deeply disturbing. They’re letting hundreds of thousands of customers launch websites with woefully out-of-date security software. Given that the security libraries are free and open source, there’s just no supportable reason for HostGator to be lax on this most important aspect of Web security.
    The company offers a 45-day money back guarantee, which is reasonable.
    The bottom line is this: if you want to set up a simple website as an online brochure, HostGator should be fine. But if you want users to login to or pay for something through your site, do not use this plan.
    You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

  • in

    Starlink is open for business

    I just ordered Starlink, SpaceX’s Low Earth Orbit (LEO) satellite internet service. For the first time, if you live in Canada, the United States, or the United Kingdom, you can too. Alas, that doesn’t mean I, or you, will get it anytime soon.

    But, with its first-come, first-served approach, at least you’ll be on the list. Before this offer arrived, you could apply to be in the Starlink beta test and hope for the best.
    Getting on the Starlink list will cost you a $99 deposit. You can pay for this with a credit card. Sorry, despite what founder Elon Musk has said, paying by Bitcoin isn’t an option yet. 
    In return, you’ll get an estimated coverage date of either 2021 or 2022 based on your location.  In my case, I live in Asheville, North Carolina, and I have an estimated service date of late 2021. 
    When, and if, I get the service, Starlink will also charge me $499, plus tax, for the Starlink Kit, which will consist of a small satellite dish with installation gear and a Wi-Fi router. The service itself costs $99 a month. In the fine print, you’ll see that the charges for this preorder are fully refundable and — drat it — “placing a deposit does not guarantee service.”
    Is it worth it? I’m getting it not because I need it — Charter/Spectrum does well enough for me — but because I cover Internet Service Providers (ISPs) and networking, and I need to know exactly how it works and how well it works.
    Starlink is really meant for people who can’t get conventional broadband. It’s not meant as a replacement for people who can already get broadband via cable or fiber but rather, it’s for people whose “broadband” choices are otherwise DSL, conventional satellite internet,  or even dial-up modems. If that’s you then you want to check Starlink out.

    According to independent third-party tests, such as TestMy.Net, Starlink provides an average download speed of 55.59 Megabits per second (Mbps), with a top speed of 194.44Mbps. Fast compared to gigabit fiber? No. Fast compared to its competitors in the backwoods? Oh yes.
    Another plus is that Starlink has a relatively low latency of 20 to 40 milliseconds. Again, a gamer might sneer at that, but compared to the hundreds of milliseconds of old-style satellite internet, it’s an order of magnitude better.
    There’s already pent-up demand for Starlink’s internet. SpaceX has applied for an FCC license to roll out five million “UFO on a stick” end-user terminals over its original request for a million terminals. This came after 700,000 US residents signed up to be updated about the service’s availability.  As of January 2021, however, Starlink only has 10,000 beta testers.
    Add it all up and I’m hoping, but not expecting, to see a Starlink antenna on my roof this year. There needs to be a lot more Starlink kits produced and Starlink satellites launched to deliver the internet goodies to 5 million users. Still, you can now start making plans for Starlink to be your internet connection sooner rather than later.

  • in

    Telstra revenue and earnings decimated on lower roaming data and hardware sales

    Telstra reported on Thursday it had a challenging end to the calendar year of 2020, as the company saw double-digit drops in revenue and earnings before interest, income tax expense, depreciation, and amortisation (EBITDA) and, consequently, it has revised its guidance downwards.
    For the half year to December 31, the company saw revenue fall 10% to AU$12 billion, while EBITDA dropped 14.7% to AU$4 billion, and EBIT took a 20% hit to decline to AU$1.64 billion. Thanks to a substantially lower level of income tax, down 60% to AU$209 million, net profit fell only 2.2% to AU$1.13 billion.
    The lower revenue was pinned on lower hardware sales, while the lower profitability was attributed to the now-regular NBN headwinds and a lack of international roaming revenue due to the pandemic.
    The company said handset and tablet sales were down by 450,000 units, which translated to a 29% decline to AU$1.24 billion for the quarter as a line item.
    COVID-19 slowed sales during the quarter by lowering foot traffic in stores by 30%, customers were using pricier handsets for longer before replacing them, more people were purchasing phones outright from other retailers, and the latest iPhone release was later than usual.
    “Of these reasons, impacts of COVID on sales and the later iPhone release drove outcomes materially different to our estimates when we set guidance,” Telstra CFO Vicki Brady said. “We anticipate these impacts to continue in the second half.”
    On the positive side, despite an 8.6% reduction in average revenue per user, the company maintained that figure would increase in the second half of its fiscal year.

    Now that the company has reversed course and resumed its T22 job shedding, Telstra CEO Andy Penn said the company is looking to complete its goal of firing 8,000 people by the end of the 2021 calendar year.
    “In terms of reductions in indirect headcount, it was initially our expectation to reduce by around 25% or 10,000,” Penn said. “However, we have already reduced 16,000 and we expect to make further reductions to our indirect workforce due to the significant progress we have made in digitising the business. The majority of these roles have been offshore.”
    Penn added that the company closed its Cebu call centre in the Philippines last week as it looks to have its consumer and small business customer calls answered in Australia within the next year and a half.
    Telstra also announced on Thursday it would take full ownership of Telstra branded stores around the country.
    “As more customers interact with businesses online as a result of COVID, we think now is the right time to bring back ownership to ensure a consistent and integrated customer experience across our online channels and entire store network,” Penn said.
    “At the height of COVID last year we were able to redeploy frontline staff from Telstra owned stores to assist customers through our digital channels or via the phone. It’s this flexibility that we’ll be able to unlock as more retail branded stores are under Telstra’s ownership.”
    The company currently has 67 owned and operated stores, with 166 stores run by independent licensees, and 104 stores operated by Vita Group. The telco said it would begin discussions with its licensees today, and would “offer roles to current store staff in the majority of cases”.
    Looking at its revenue by division, mobile was down 12% to AU$4.7 billion, as the company added 80,000 postpaid customers, which included 22,000 from Belong. It also had an extra 456,000 IoT services on its network by the end of the half, and now has around 1 million 5G devices on its network.
    For consumer and SMB fixed line, revenue was down 7.5% to AU$2.43 billion with declines in voice services and Foxtel from Telstra users.
    Enterprise fixed line dropped 6.4% to AU$1.85 billion as not all copper line users migrating to NBN stayed with the telco.
    “Single-digit growth in managed services, including security and cloud applications, was insufficient to offset structural declines in calling applications (including ISDN), as well as equipment sales and professional services,” Brady said.
    Wholesale fixed continued to shrink with the shift of services to NBN connections, with revenue diving 19% lower to AU$770 million.
    The international business of Telstra Enterprise was down 11% to AU$755 million.
    “Our underlying results remained challenged … however, our continued focus on T22 is delivering simpler, better outcomes for our customers and greater productivity,” Brady said.
    “Product margin improvement is also imminent, and already occurring in mobile. We see clear positive indicators of an improved financial trajectory, which we expect will return us to underlying EBITDA growth in FY22, and put us on the path to achieving our FY23 financial ambitions.”
    Telstra touted it would be handing AU$950 million of its cash to shareholders in the form of an 8 cent dividend.

  • in

    Huawei requests US courts to overturn its national security threat designation

    Huawei has once again filed a lawsuit against the United States government, this time picking a fight with the Federal Communications Commission (FCC) for its decision to designate the company as a national security threat.
    According to the legal complaint, Huawei is seeking a review of the designation on the grounds that the execution of the order was beyond the FCC’s scope of powers; violated federal law and the Constitution; was arbitrary, capricious, and an abuse of discretion; and was not supported by substantial evidence.
    Huawei also said in the complaint that the designation could adversely impact the financial interests of the telecommunications industry as a whole.
    The FCC designated Huawei, alongside ZTE, as a national security threat back in June, which has resulted in US telcos no longer being able to use the FCC’s Universal Service Fund to purchase equipment or services from these Chinese companies. 
    Departing FCC chair Ajit Pai said at the time there was an “overwhelming weight of evidence” that both Huawei and ZTE had close ties to the Chinese Communist Party and China’s military apparatus.
    The designation arose after former US President Donald Trump signed legislation barring US companies from using federal funds to purchase equipment from companies that have been deemed as national security threats.
    The law also established a $1 billion reimbursement program to help smaller providers with the cost of ripping out and replacing the prohibited equipment from Huawei and ZTE. 

    The FCC is not the only federal agency that has faced legal action from Huawei. Shortly after the US Commerce Department added Huawei to its “Entity List” — which bars US companies from transferring technology to Huawei without a government-approved licence — Huawei filed a lawsuit against the agency on claims that it acted unconstitutionally in enforcing the ban.
    That lawsuit was eventually dismissed in February last year on the grounds that Congress was within its rights to enforce the ban.
    “Contracting with the federal government is a privilege, not a constitutionally guaranteed right — at least not as far as this court is aware,” District Judge Amos Mazzant said in the February ruling when addressing Huawei’s arguments. 
    Huawei has also filed a legal action requesting that the law that enforced the ban be thrown out. This legal action is still being considered by the courts.