Look at the requirements of any applications you want to host and find a host to match. You'll need a host that provides the right server environment or gives you the means to modify it to suit your needs. To run applications like Wordpress and Joomla, you should have Linux hosting with Apache 2.2, PHP 5.x, and MySQL 5.x or higher. I also recommend finding a host that uses or allows you to setup su_PHP for security reasons and convenience. 

Simplifying matters greatly, this is what distinguishes the different hosting types (at 2010 prices) that are discussed in more detail below.

• Use <$10/month Shared Hosting when:
  • you have no budget.
  • you expect <1000 daily visitors and don't expect to see that number grow quickly or to a much higher figure.
  • you don't need to control and maintain your server environment.
  • you are comfortable with how the host is running your server environment.
  • you can tolerate a higher risk of security breaches, downtime, and slow load speeds. (With good load balancing today, quality shared hosts should not have these problems...often.)
  • you are not going to host complex applications, engage in financial transactions or other sensitive data transfer. (You could, but it's generally a bad idea.)
  • you plan to take your own backups or possibly pay an extra fee for a weekly (sometimes daily) backup restore.
• Use $10-25/month Shared Hosting when:
  • you have a low budget.
  • you expect <1000 daily visitors and don't plan to see that number grow quickly or to a much higher figure.
  • you want the host to control and maintain your server environment but want more options and control over it too.
  • you can tolerate a moderately higher risk of security breaches, downtime, and slow load speeds, compared to a well-managed VPS or dedicated server. (This depends greatly on the host's quality. Look for a SLA--good shared hosting has them too.)
  • you are developing or hosting moderately complex web applications but don't expect massive bandwidth usage.
  • you want the host to keep good backups for you. (Good hosts will have a free daily backup restore option.)
• Use an unmanaged VPS when:
  • you can afford $200-400/year for a good server where you're left alone, fully in control.
  • you expect significant traffic and growth, and therefore a need to scale your server's capacity.
  • you or one of your staff will setup and maintain the server.
  • you or one of your staff will be totally responsible for security.
  • you are going to host complex applications.
  • you want a virtually foolproof backup system for your whole server.
  • you want to know exactly what your capacity is with hardware resources at your exclusive disposal.
  • you don't need cPanel, Plesk or Webmin or don't mind paying for them and possibly installing them yourself.
• Use a Managed VPS when:
  • you can afford $300-600/year.
  • you expect significant traffic and growth, and therefore a need to scale your server's capacity.
  • you want the host to setup and maintain your server.
  • you want the host to be responsible for security.
  • you are going to host complex applications.
  • you want a virtually foolproof backup system for your whole server.
  • you want to know exactly what your capacity is with hardware resources at your exclusive disposal.

To work as a business venture, shared hosting has to be oversold. But there is overselling and overselling. The big hosting resellers, like BlueHost, GoDaddy, 1and1, and even Dreamhost oversell far beyond their actual capacity. (Most of the time this works out, but there have been enough failures to harm their reputations.) Not everyone is going to demand their server's resources at the same time, and they know that. If you start to use 50-100GB per day on your bandwidth--which you could easily do with a blog that gets 1,000 visitors a day--you're probably going to have a bad experience with shared hosting and be asked to leave or buy a more suitable package. If the shared hosting you buy offers "unlimited" storage and terabytes of bandwidth, don't take it literally--look at their resource usage policy instead. 

Even under moderate traffic loads, contemporary web applications like content management systems may make heavy use of your shared server resources--processing, memory, databases, bandwidth, storage, etc. Your applications and others like it on the same server may be the ones that bring the server to a crawl, and your site may go offline--or be taken offline by the host--if that happens. Better hosts will keep you going if you're within their terms of service, but you may be asked to upgrade your account. If you expect to grow, think ahead about your options for scaling without having to change hosts, and always optimize for top performance. Unfortunately shared hosting generally doesn't allow you to track and optimize performance with great sophistication, but there is still a lot you can do. (See JoomlaPerformance.com; the advice there is broadly applicable to all Linux/Apache/PHP/mySQL server applications.)

Normally the only limits you have to worry about in shared hosting are on CPU and RAM resources. Hosts usually specify these limits in great detail in the "small print" of a Terms of Use / Acceptable Use / Resource Use policy--which will be subject to change without notice. While every host defines their actual use limits on shared hosting their own way--some are very restrictive and specific while others are vague and non-specific--they will generally exercise tolerance and discretion on a case-by-case basis with their customers. In 2010 a good rule of thumb is to expect a traffic load of  800-1,200 unique visitors/day on a site using a database-driven application like Wordpress (with basic caching in use) will get you asked to upgrade to a more robust plan or go elsewhere.

Ultimately the main drawback on a shared server is that you have no control over its resource availability and can't predict it either. You are sharing one server's resources with a bunch of other websites--maybe 500, maybe 5,000--so you can get a big "bad neighbor" effect. (The highest number of domains pointing to a single server I've ever seen was over 16,000--probably a dumping ground for defunct, untended, seldom-used and moribund accounts someone is still paying for, or else a server where a domaineer/domainer parks their holdings.)

A quality host that doesn't overdo it and is good at load balancing may be more than adequate for most small businesses and individuals who aren't running complex web applications. Use services like domaintools.com to see how many sites are on a single server, and choose hosts that make a point of not overloading. Rochen is especially well-regarded in Joomla circles as a quality, performance-oriented host with packages that include tiers of shared hosting. WebFaction also has a good reputation and offers a lot to web application developers using Django and Rails.

"You get what you pay for" tends to good rule to live by. The big, cut-rate shared hosting resellers get by being "good enough" most of the time for a very large customer base, but they can radically alter in their quality of service over time as they move large swaths of their customers around different infrastructure providers. That said, I've had good experiences with Site5, and Hostgator is highly recommended by many of its users. I've even been told that GoDaddy is adequate, and I have to admit others like 1and1 and BlueHost are not bad for the average low-end user. I would not put anything mission-critical or eCommerce-related on them, but of course many people do. If you're going cheap ICDsoft, AN Hosting, and A Small Orange seem to have good reputations, although MidPhase, which owns AN Hosting, does not.

If you do get into shared hosting, at least be aware of what you're getting into. You've got an apartment at best, some space on a floor of a flophouse at worst, and the mailserver is a common toilet. With too many tenants, or just one who behaves badly, your peace may be shattered. You may be blacklisted as a spammer because someone else on the same server was spamming. You may be hacked because someone else was hacked. You may be knocked offline because someone else's site got a lot of traffic or started using an application with very inefficient code. On the upside, with well-managed shared hosting, you will not need to worry about server administration and highly technical matters. Yet without a basic understanding of what you are getting into, you run the risk of choosing a poor host and doing things that are sub-optimal, from a security and/or performance standpoint. Particularly with servers running PHP as an Apache module, there are some inherently less secure aspects of shared hosting.

Reseller Accounts

One way to beat the main problem with big shared hosting providers--the bad neighbor effect--is to join in the reselling, especially if you want to build more than one site on a single hosting account. You don't actually have to resell anything. 

 Many shared hosting providers offer reseller accounts, which should get you a bigger and clearly specified piece of the shared server pie with fewer (potentially bad) neighbors. A reseller account lets you pick your neighbors, as tenants subleasing their hosting from you, and you can choose to have none. If you buy a reseller account for $20-30/month you may even find it about as good as a VPS for the same or a higher price, and it may even be easier to operate than other packages from the same host. 

I recommend not being a reseller of resellers. If you are going to resell, use a host that owns its own servers. Know what you're doing and add some value to justify your services. A lot of people resell big hosts like GoDaddy or HostMonster, including kids and people who don't really know what they're doing. It's like someone trying to be a landlord without owning a building by subletting apartments they rent from the building owner or even another sublessee. This is a model for business failure and attracting criminal tenants. There are few to no rules or regulations over the industry, so abuse is fairly common. Don't be this, and don't buy this.

If you do use email on a shared hosting account and want your messages to be delivered, buy a dedicated IP and make sure it will apply to your mail accounts to differentiate them from any abuse emanating from your your server and its IP. If there is just one spammer who gets blacklisted on your server, you will be blacklisted too if you're using the same mailserver with the same IP. I've seen this blacklisting problem come up with every shared host I've worked with for long, as well as clustered hosting where IPs are shared. Learn more about this problem and how to evaluate hosts' mailservers at HostJury.com.

Clustered or "grid" hosting distributes your files across multiple servers for better load balancing and to eliminate single points of failure. Other than this, it works like shared hosting.

A dedicated account may be necessary when you have very specialized server requirements, site traffic and use of server resources is high, multiple sites are sharing the same account, and/or email functions are mission-critical and heavily used.

Imagine shared hosting as having an apartment. Hosting on a dedicated server is like owning the whole building. You have full control over the server environment because you have the server to yourself. As the "landlord" you can divide the server and sell shared accounts on it.

Of course you alone are responsible for upkeep, maintenance, and repair of the server stack applications. (If you want complete, physical control, buy your own, get a colocated server.) You'll generally need a good understanding of server applications and the *nix shell even with managed dedicated hosting where the host takes care of updating at least the primary applications in the server stack.

Apart from the freedom to do whatever you want, having a dedicated server is valued for giving you a specific, precisely known quantity of resources that you is all yours and yours alone. So use a dedicated server when you want to buy the whole cow and have exclusive control over and access to a known quantity of processing power, memory, and storage. 

A dedicated server is usually in the $100/mo. range, but there are some suspiciously cheap ones, like ServerPronto, which makes up for the low base prices (as low as $32.95/month) with lots of fees, including an additional $40/month if you want cPanel or Plesk. Low end dedicated hosting is typically around $50 using weaker servers, but this is probably a dying niche market, especially when it means unmanaged servers. A VPS of some type, and cloud hosting in the future will probably be a better choice for most people for a variety of reasons, mainly cost, performance, and ease of use.

Virtual private servers (or "virtual dedicated" servers) are a compromise--less expensive than dedicated hosting on the low end ($200-500/year) but possibly more powerful that comparably priced dedicated plans on the high end ($1000-1500/year).  

A VPS provides you with a lot more power and control than shared hosting: you select, install, and modify your operating system and everything else installed on your server. You also get to pick your hardware resources. You're still only getting a piece of a physical server shared with other customers, so you have CPU and memory limitations. You will need to set up and maintain your operating system and server stack applications yourself unless you have a managed plan.

Some well-regarded unmanaged VPS hosts are LiquidWeb, Linode, Slicehost, and Rackspace Cloud Server. (Rackspace owns Slicehost, and along with LiquidWeb, Rackspace has several of just about every kind of possible plan you could want.)

{youtube}QJncFirhjPg{/youtube}

Server virtualization is a booming industry now, and some of the buzzwords for ways to do it refer to grids, clusters, and clouds. Behind all the jargon and cant, for common hosting purposes the cloud is virtualized, utility hosting with a failover capacity. E.g., pay-as-you-go, pay-only-for-what-you-use type and instant setup or scaling of a server to your specifications. Cloning a server and scaling it up (horizontally) or out (vertically)--more CPUs/memory/storage vs. more servers--is just as simple. And unlike a dedicated or VPS system, if your hardware resources fail for some reason, you will be switched over instantly to others. 

(Some VPS plans have some of these traits also and may be described as "cloud hosting.")

Use "the Cloud" (managed or unmanaged) when you want all the traits of managed or unmanaged dedicated and virtual servers with unlimited, instant scalability (more or fewer server resources) or if you prefer to pay only and exactly for what you use in bandwidth, storage, and CPU time. This is very attractive to developers, learners who want an affordable server sandbox, and anyone hosting applications that will serve a high number of visitors. If bandwidth usage is going to be high, shop specifically with an eye to its cost per provider. 

Rackspace Cloud Sites ($150/mo.) is fully managed cloud hosting where your virtual dedicated resources are derived from a network of servers (for failover and redundancy) and are not limited to a single server's physical resources or uptime. LiquidWeb's Storm and GoGrid offer managed Cloud hosting also. A number of cloud providers focus on catering to SaaS startups and large business enterprises.

It's a bad idea to start doing mass-mail from a shared hosting account, or really any hosting account most of the time. I generally recommend the use of specialized third-party mass-email services such as iContact (which integrates nicely with Joomla! and other web publishing frameworks) for any mass mail needs. A dedicated IP (offered on some shared server accounts) will not protect you from some of the occupational hazards of email in a shared server environment. Even with a dedicated hosting account, why run your own bulk mail applications that can fail on their own, get you marked as a spammer, and leave you to handle all the problems? iContact, MailChimp, AWeber, ConstantContact, InfusionSoft all offer a lot of additional value, mainly analytics and making sure your mail is delivered to people who want it. They also take that much more software off your plate as something you have to manage and maintain.

No matter what else, if you are doing bulk email, make sure you know what you are doing and do not get mistaken for (or act as) a spammer.

Especially if you have a VPS, dedicated, or cloud-based rig, why bother with the added hassle and bandwidth usage of running your own mailserver--and anti-spam solutions? At $50/user per year, Gmail in Google Apps for Business comes with the ability to associate your Gmail account with any address you want with your own domain/s.

It's good to go with a host that understands and caters to the primary web applications you use. Many hosts claim to be familiar with and supportive of all kinds of software, but dig deeper. It's not always true.

The main way a host can truly support PHP/mySQL applications is by not running PHP as an Apache module (mod_php). Running mod_php is the standard practice for shared server hosting, and unless other steps are taken, it will make a lot of important things fail to work in your PHP/mySQL application. For example, it will not be able to write to files and folders, so you won't be able to edit templates or install plugins, templates, etc. Also, performance and/or security can suffer on shared hosting where PHP is run as a module. There are a variety of workarounds, but the best solutions are to dump mod_php and run PHP as a CGI or FastCGI/FCGI process--and use suPHP. A host that truly supports your PHP application will have adopted one of these approaches to running PHP. Ask them about it before you buy.

suPHP forces Apache (the standard *nix http server) to act as your local user, rather than the root user for the whole server. When Apache is root, someone who gains access to Apache has access to the whole server. In a non-dedicated environment, that means one security breach to one account can mean a breach of hundreds of other accounts on the same server. suPHP requires that you run PHP as CGI rather than an Apache module, so this will slow things down a bit but you can then control your own php.ini per site.

Unless you get a free domain along with your hosting package, it's usually cheaper and buys you more power and freedom if you buy your domains from a big domain registration service that specializes in selling domains and nothing else. (By the same token, do not use the "hosting" and email plans offered by domain registrars to do anything of a serious nature.) An exception is Site5, which gives a good deal on domains to holders of their reseller accounts.

Most domain registrars seem to have little regard for good, uncluttered interfaces, so you'll just have to deal with that. Often their main business is playing casino operator to "domaineers" who buy domains in bulk and resell them, or in fighting for all the small time customers via Superbowl ads that have nothing to do with anything. Currently I am satisfied with the unfortunately long-named ez-domainnameregistration.com which lets you do about anything you need to do with your domains without extra fees. The only real annoyance is the way their checkout system is cluttered with extra offers and forces you to accept a recurring payment subscription if you use PayPal. (This subscription can be deleted at PayPal.)