Good performance, bad security, upsells everywhere – Bestgamingpro

If you’re on the lookout for a website hosting supplier, you will have an amazing variety of selections. In my Best website hosting suppliers for 2021, I checked out 15 suppliers who supply a variety of plans.

To get a greater really feel for every particular person supplier, I arrange essentially the most fundamental account potential and carried out a sequence of exams. In this text, we’re going to dive into HostGator’s choices. Stay tuned for in-depth seems at different suppliers in future articles.

HostGator at a look

HostGator was based in 2002 by a pupil at Florida Atlantic University (therefore the “gator” in HostGator). Today, HostGator is one among almost 100 website hosting manufacturers owned by Endurance International Group (EIG).

EIG was within the information in 2018, when the Times of India reported that its former CEO and CFO have been charged by the US Securities and Exchange Commission for “overstating the company’s subscriber base.” The firm agreed to pay an $8 million penalty with out admitting fault.

UPDATE: HostGator reached out to us requesting adjustments to the Quick Security Checks part of this text. Their feedback and our responses are included inline in that part.


Because there’s such variability amongst plans and choices amongst internet hosting suppliers, it’s exhausting to get comparability. I’ve discovered that among the finest methods to see how a supplier performs is to have a look at the least costly plan they provide. You can anticipate the least high quality, the least consideration to element, and the least efficiency from such a plan.

If the seller offers good service for the bottom-shelf plans, you possibly can typically assume the higher plans can even profit from related high quality. In the case of HostGator, there have been some brilliant spots, some annoyances, and a few critical safety issues.

For the sequence of internet hosting critiques I’m doing now, I’m testing essentially the most fundamental, most entry-level plan a vendor is providing. In the case of HostGator, that’s what they name their Hatchling plan. To get pricing, I merely went to the corporate’s foremost website at If you wish to avoid wasting cash, although, learn to the top of this part.

Like almost each internet hosting supplier within the enterprise, their providing is considerably deceptive. There isn’t any choice to simply get billed $2.75 per 30 days. Notice the omnipotent asterisk subsequent to the value.

While it seems like you may get the Hatchling plan for $2.75 per 30 days, that’s provided that you prepay for 3 full years, which suggests you’re really paying $105.35. If you need just one 12 months, you’re charging $76.11 to your card (which is $5.95 per 30 days). If you wish to purchase the service on a month-by-month foundation, you’re paying $10.95 per 30 days.

When you hit the Buy Now button, the corporate pre-populates a one 12 months subscription with non-obligatory add-ons for website monitoring and backup, including $43.94 to the invoice (however you possibly can uncheck these choices).

There’s a painful gotcha to those “starting at” costs. When you renew, you’re going to pay extra. This, too, isn’t unusual for internet hosting plans and is a apply I strongly want the internet hosting trade would cease. Instead of paying $105.35 for 3 years, upon renewal you’ll be paying a whopping $250.20 on a single bank card cost, a worth enhance that’s greater than double the unique worth.

View Now at HostGator

What the bottom plan contains

As with most internet hosting distributors today, HostGator claims limitless disk house, limitless bandwidth, and limitless electronic mail. In apply, these limitless values are restricted within the phrases of service. You can’t use your limitless storage as a large backup tank the place you dump gigabytes of video, for instance. They additionally state, “HostGator expressly reserves the right to review every shared account for excessive usage of CPU, disk space and other resources that may be caused by a violation of this Agreement or the Acceptable Use Policy.”

In different phrases, don’t abuse the assets you’re shopping for, and purchase the extent of plan moderately commensurate together with your anticipated utilization. If you’re about to run an enormous, nationwide promotion the place you anticipate plenty of visitors, you may not wish to use the Hatchling plan. If you get an excessive amount of visitors, HostGator may shut you down or invoice you much more.

Their terms of service proceed, “HostGator may, in our sole discretion, terminate access to the Services, apply additional fees, or remove or delete User Content for those accounts that are found to be in violation of HostGator’s terms and conditions.”

The base-level plan has some compelling options. First, and that is necessary as we transfer ahead in a quest for a safer net, is the supply of free SSL in your website. This provides that little lock icon to your browser’s deal with bar and makes certain visitors between your website and your guests is encrypted.

The firm additionally presents 24/7/365 help which not solely contains ticket and chat however cellphone help as properly. While you’re solely in a position to make use of one area, you should use as many subdomains as you would like. The firm additionally offers a coupon for $100 in Google advertisements and one other $100 in Bing advertisements. While you most likely received’t get sufficient advert hits to cowl your price of internet hosting, it’s going to enable you to get your ft moist on the earth of Google and Bing promoting.

Dashboard entry

The very first thing I love to do when taking a look at a brand new internet hosting supplier is discover their dashboard. Is it an outdated buddy, like cPanel? Is it some form of cobbled-together home-grown mess? Or is it a rigorously crafted customized dashboard? These are sometimes those that fear me essentially the most as a result of they virtually all the time disguise restrictions that I’m going to should work round in some way.

When you first log into HostGator’s dashboard, you’re greeted with their buyer portal. Here you possibly can handle your bank card info, get help, and — most necessary, apparently — purchase the upsell choices they provide.


This isn’t the one dashboard you’ll be utilizing. The foremost dashboard is cPanel, which is frequent to many, many websites throughout the Web. While cPanel may be irritating at occasions, it’s a really succesful interface that allows you to handle all elements of your website.

It took a surprisingly very long time for cPanel to launch, virtually a full minute. What’s a bit extra bothersome, although, is the vary of extra upsells in the midst of cPanel. cPanel is often fairly predictable and seeing virtually as many advertisements and upsells as administration choices have been tedious.


Installing WordPress

There are definitely different content material administration and running a blog functions you should use moreover WordPress. That mentioned, since 32 percent of the entire Web uses WordPress, it’s place to begin. WordPress websites may be moved from internet hosting supplier to internet hosting supplier, so there’s no lock-in. And by testing a website constructed with WordPress, we will get some consistency in our testing between internet hosting suppliers.

I went forward and clicked the Build a New WordPress Site button on the primary cPanel web page… and bought hit with one other web page of upsell promotions:


At $399, costs have been actually beginning to climb from that tasty little $2.75 supply the corporate promoted. The promos on this setup web page didn’t say what theme they’d be putting in. WordPress does include a pleasant set of free themes, and most themes are comparatively cheap. I attempted to determine what the $399 program was for, however so far as I can inform, it’s merely organising WordPress, which is often a couple of five-minute course of.

The distinction between the $199 and $399 program was the addition of search engine optimization and WordPress website safety. To be truthful, most WordPress safety plugins and add-ons price a couple of hundred bucks a 12 months, and there are premium search engine optimization plugins that may price an analogous quantity. But with out going during the checkout, it wasn’t clear what instruments HostGator was offering in return for its virtually $400 of upsell.

My recommendation is to skip these upsells. Simply set up WordPress, get to know your website, after which begin with a instrument like Wordfence or Sucuri to maintain your website protected.

Once I entered my consumer identify and area, I used to be… watch for it… offered with one other upsell:


I went forward and hit the login button, and… it failed:


I took a fast have a look at the File Manager and decided that the WordPress set up seemed to be in place. So, as a substitute of utilizing HostGator’s login button, I simply used the usual WordPress admin URL, which is This labored.

I used to be, nonetheless, not stunned to seek out extra upsells. In this case, the complete foremost dashboard web page — going properly beneath the scroll of the web page — had upsells.


There appears to be an enormous push for utilizing a lot of plugins which might be both freemium or affiliate-based. Jetpack is produced by Automattic, the corporate behind WordPress. It additionally has an associates program.

My guess is that HostGator is pre-installing plugins the place they get some affiliate income. There’s nothing significantly improper with that, however plastering these upsells in the midst of configuration screens is getting outdated.

HostGator additionally dropped in a plugin for one thing referred to as Mojo Marketplace. This, too, had pages and pages of upsells, this time for themes.


With all of the added plugins, junk, and upsell, it’s no marvel that the location initially failed after I hit the location login button from the HostGator dashboard.

Let me be clear. There is nothing improper with utilizing plenty of plugins on a WordPress website. That’s one among WordPress’s greatest strengths. But filling a website with crapware earlier than it’s even dwell is nothing however a distraction, can add a substantial quantity of confusion to new customers, and will trigger potential issues by way of performance. Plus, it’s simply impolite.

Quick safety checks

Security is among the greatest points in the case of working an internet site. You wish to ensure that your website is secure from hackers, doesn’t flag Google, and may join securely to cost engines should you’re operating an e-commerce website of any form. You additionally don’t wish to distribute malware to your guests. That’s bad.

While the scope of this text doesn’t permit for exhaustive safety testing, there are a couple of fast checks that may assist point out whether or not HostGator’s most cheap platform is beginning with a safe basis. Here’s the tl;dr: it’s not. This factor is dangerously insecure.

The first of those fast checks is multifactor authentication. It’s means too simple for hackers to simply bang away at an internet site’s login display screen and brute-force a password. One of my websites has been pounded on for weeks by some hacker or one other, however as a result of I’ve some comparatively robust protections in place, the bad actor hasn’t been capable of get in.

Unfortunately, I’ve to ding HostGator for what I think about a reasonably critical safety flaw. When you log into their buyer portal, all it is advisable to present is a username and password. However, if you wish to ask help questions and get solutions, you do have to arrange a help PIN. This is a partial step ahead. The drawback is that should you’re capable of log into the primary administration account, you possibly can change the e-mail deal with related to it, after which have a brand new help PIN despatched out. The backside line is and not using a second issue for login authentication, the PIN is actually nugatory.

Secondly, in response to the help particular person I reached out to on chat, HostGator’s cPanel implementation additionally doesn’t help multi-factor authentication, at the least within the lower-end accounts.


Multi-factor authentication ought to by no means be an upsell choice or offered just for premium accounts. It takes little or no effort for a internet hosting supplier to allow it. Not solely does it defend the person prospects utilizing the characteristic, however it additionally protects all the shoppers of the internet hosting supplier. That’s as a result of most shared internet hosting servers share IP addresses. If a spammer or scammer hijacks a shared internet hosting account and that account is blocked, it’s solely potential that every one the accounts sharing that IP or that IP’s bigger block of numbers will probably be blocked as properly.

I strongly advocate that HostGator implement MFA for all accounts instantly, for his or her profit in addition to that of their prospects.

I discussed earlier that HostGator offers a free SSL certificates. They’re utilizing Let’s Encrypt, a program that gives free, automated SSL certificates. Let’s Encrypt is enabled by default, so when you arrange an internet site, all it is advisable to do is use your https:// in your URL to supply encrypted URLs in your guests.

As my final fast safety test, I like to have a look at the variations of a number of the foremost system parts that run net functions. To make issues simple, I selected 4 parts essential to secure WordPress operation. While different apps could use different parts, I’ve discovered that if parts are up-to-date for one set of wants, they’re often updated throughout the board.

Here are my findings derived from the HostGator versions page and a nice tech help dialog, as of the day I examined [in July 2019], for HostGator’s Hatchling plan:


Version Provided

Current Version

How Old



7.4.14 (8.0 continues to be a bit new)

moderately present 




8 years / 2904 days (finish of help is Feb 21)




11.3 years / 4124 days


 1.0.1e-fips 11

1.0.2t (and 1.1.1)

7.1 years / 2592 days

The cURL library, which is supposed for information switch, significantly of safe info, is vastly and woefully old-fashioned. A fast have a look at the cURL release table reveals there have been 1000’s of bugs fastened and tons of of vulnerabilities resolved for the reason that model of cURL being offered by HostGator was launched again in 2009. That’s greater than a decade outdated. That could be like strolling round immediately with an iPhone 3GS and operating Windows Vista in your PC!

UPDATE: HostGator informed us, “cURL does list an older raw version, but RedHat/CentOS backport security patches and we update all servers at least daily. This is standard for RedHat/CentOS and expected behavior.” This is definitely a really attention-grabbing course of. Red Hat does go back to older versions of standard Linux software and port security fixes, as HostGator said. However, even with safety fixes utilized, providing a virtually 10-year-old model of cURL will present web site homeowners with ongoing compatibility challenges, significantly with cost gateways.

The firm helps OpenSSL 1.0.1e-fips 11, the place the completely most present model is 1.1.1. The gotcha is that when OpenSSL went to 1.1, it broke lots of code. As a end result, the OpenSSL undertaking is updating each the 1.0.2 department and the 1.1 department. I do know, it’s sufficient to provide you a headache. Here, regardless of all of the model quantity confusion, there’s one truth it is advisable to know: the model of OpenSSL HostGator is supplying can also be vastly old-fashioned.

UPDATE: HostGator informed us, “OpenSSL also lists an older raw version, but again RedHat backports security patches and we ensure daily updates.” This is similar backporting course of Red Hat makes use of for cURL. It implies that whereas safety flaws have been up to date, the model and its compatibility continues to be almost a decade outdated.

HostGator is utilizing model 5.6 of MySQL. While MySQL helps many variations, the most recent is 8.0. HostGator’s MySQL implementation is eight years outdated.

UPDATE: HostGator informed us, “All HG boxes have MySQL 5.6 or higher. The article reports 5.5, which hasn’t been in place for a long time.” While this was the model proven on HostGator’s personal variations web page when the article was written, we’re glad to see MySQL has been up to date.

What’s worse, every of the variations of those packages are beneath WordPress’s minimum requirements

Because MFA isn’t obtainable and since many of those variations (even with backported safety updates) will trigger fashionable software program to fail, we think about HostGator a lower than optimum selection for e-commerce or any security-related website.

Performance testing

Next, I needed to see how the location carried out utilizing some on-line efficiency testing instruments. It’s necessary to not take these exams too critically. We’re purposely trying on the most low-end choices of internet hosting distributors, so the websites they produce are anticipated to be comparatively gradual.

That mentioned, it’s good to have an thought of what to anticipate, and that’s what we’re doing right here. The means I check is to make use of the contemporary set up of WordPress after which check the “Hello, world” web page, which is generally textual content, with simply a picture header. That means, we’re capable of concentrate on the responsiveness of a fundamental web page with out being too involved about media overhead.

One notice: usually I wouldn’t check a website with all of the crapware plugins put in. But since most customers who purchase these plans most likely received’t know tips on how to take away the plugins or which plugins are secure to take away, I examined efficiency with these plugins put in. I absolutely anticipated efficiency numbers to take successful from all that added cruft, however I used to be improper. The efficiency wasn’t bad in any respect.

First, I ran two Pingdom Tools exams, one hitting the location from San Francisco and the second from Germany. Here’s the San Francisco check ranking:


And right here’s the identical website from Germany:


Next, I ran an analogous check utilizing the Bitchatcha service:


Finally, I hit the location with Load Impact, which sends 25 digital customers over the course of three minutes to the location after which measures the responsiveness.


The Load Impact check was additionally considerably surprising. At the start of the check, some web page load occasions took longer than they need to. But because the variety of digital customers climbed, responsiveness settled into a pleasant rhythm.

While lower-end internet hosting plans usually have spotty efficiency, this was exhibiting. Most lower-end plans, together with the one we’re testing, share server assets with different prospects. So, at occasions of heavy exercise, if one website is seeing heavy utilization, the opposite websites could undergo. I’m testing this website on a Sunday afternoon, which is a comparatively gradual interval in website hosting phrases, besides, the efficiency for this bottom-end website was unexpectedly cheap.

Support responsiveness

I solely wanted to contact help as soon as, by the chat interface. I used to be linked to somebody inside about 5 minutes. It took a couple of extra minutes to determine a help PIN, however then I bought my reply shortly.

For a Sunday afternoon, it was a whole, moderately educated reply. I’ve definitely skilled far worse help.

Overall conclusion

You by no means wish to get your expectations too excessive for a bottom-end plan. The economics of operating such a super-cheap providing is that the supplier has to make it up on quantity. Professional and enterprise internet hosting plans with plenty of visitors and efficiency should, out of necessity, price extra.

The solely approach to really know what it’s like to make use of a service is to run a dwell web site on it for a couple of years. That mentioned, I used to be each happy and disenchanted with HostGator’s exhibiting.

I discovered my interactions with HostGator’s buyer portal and cPanel to be sluggish. It usually took 30 seconds to a minute for a click on to course of by to a end result.

On the opposite hand, the efficiency of the location being hosted by HostGator, the location you’re paying for and wish to be extremely performant, was fairly good.

HostGator’s comparatively fixed upsell, particularly inside the configuration and operational elements of the management panel proved intrusive. The firm put in means too many plugins within the default WordPress set up, which not solely brought on the preliminary login to fail, however may make it way more complicated for brand new customers.

Finally, the corporate’s lack of help for contemporary safety protocols and login safety is deeply disturbing. They’re letting tons of of 1000’s of shoppers launch web sites with woefully out-of-date safety software program. Given that the safety libraries are free and open supply, there’s simply no supportable motive for HostGator to be lax on this most necessary facet of Web safety.

The firm presents a 45-day money-back assure, which is cheap.

The backside line is that this: if you wish to arrange a easy web site as an internet brochure, HostGator ought to be fantastic. But if you need customers to log in to or pay for one thing by your website, do not use this plan.

You can observe my day-to-day undertaking updates on social media. Be certain to observe me on Twitter at @DavidGewirtz, on Facebook at, on Instagram at, and on YouTube at

Related Articles

Leave a Reply

Back to top button