Having a hosting account limited due to resource overages, or even locked or terminated has become a common occurrence. 99% of the time the host is in the right. But, their fix for the problem could be a rip off. Discover what your responsibilities are as a site owner and how to not get upsold or shut down.
This post was last updated 1/23/16
Stop Ranting, Start Owning
I’m in a lot of groups and forums that deal with WordPress, hosting, security, SEO, and performance.
I stand amazed and stunned at what site owners blame their host for.
These are the 3 most common rants I hear :
- I keep getting notices that my site is being limited due to overages.
- I got a warning my site has been locked and I can’t access it until I purchase a bigger account.
- My account was terminated without warning.
Why This is Happening
Botnet and DDoS attacks began to become bigger and more frequent in early 2013. Then in March 2014 the highest sustained bot attack in history began and lasted for nearly a year.
The stress of these attacks surfaced the weaknesses in the whole system, including sites with no protection, hosts without enough protection, and the outdated hubs that all Internet traffic runs through.
Hosts are doing what they have to in order to protect the servers. That includes investing in their infrastructure to mitigate attacks.
It also includes shoring up the problems from within, meaning sites that have zero protection and have turned into something resembling a roach infested apartment. They are crawling with bad bots and put their own site, the whole server, and all other sites on that server at risk.
To keep everything running, hosts have had to lower the ceilings on usage, and/or get super serious about enforcing them.
By late 2015, some hosts began changing code and/or adding plugins to sites, all without the knowledge or permission of the site owners. They have also enforced mandatory updates for WordPress and plugins by doing them in bulk, again without the site owner’s knowledge or permission.
Hosts don’t want to lose customers. But they do have to protect their infrastructure. And they need you to be a responsible site owner to help them do that.
Let’s take a look at how this works.
Limits Due to Overages
The host is trying to get your attention that there’s a problem on your site. They’re giving you an opportunity to fix it before they take further action.
If email and other notifications don’t get your attention, then maybe your site being down periodically will.
The fixed limit resources you rent from the host include:
- CPU
- Physical Memory
- Virtual Memory
- File Space
If you run over the allotment you paid for, the host has to limit your site’s access to those resources for a period. Usually it’s about 10-15 minutes at a time.
The host wants your site to be available at all times. They want the same for every other site on the server.
If some other site on the server is trying to hog all the covers, aren’t you glad the host limits them so your site is not out in the cold too?
What Causes Overages
For the CPU, Memory, it’s almost always plugins. Some are real resource hogs.
The worst are:
- Any plugin with logs – security, redirects, popular posts, related posts
(these hog your database too!) - Public-facing – social media posts, big images like sliders
For Space it’s almost always inode connections from:
- Old emails
- Backups stored on site
- Bloated databases (plugin logs)
Another serious issue with space is that there may not be enough room in the account for backups to run, both yours and the ones from the host.
Overage Notifications
Most good hosts will send an email notification for overages.
Be sure the email on your hosting account is up to date. And it’s best not to use a domain-related email. Domains can come and go, and it’s attached to your site. Use a personal Gmail account or one through your ISP, and be sure you check it.
Some hosts “hide” the notifications in the cPanel. Bluehost is bad for this. It’s buried in a place few folks ever look.
Some hosts offer a resource meter via cPanel. Be sure yours tells you something worthwhile. During site audits I’ve seen 24 hour snapshots of resources, but no way to compare patterns across time. That’s worthless. But even worse, I’ve seen many accounts where only bandwidth stats were available.
Now, you’ll only likely find these stats on shared hosting. If you’re on Managed VPS, you won’t see them because of the way the resources are divided across the server. It’s not something the host can change.
Traffic
There are two kinds of traffic – from humans and from bots.
There are good bots and bad bots.
All three of these will eat up resources on your site.
It takes way more than looking at page hits or simple visitor counts to determine your traffic and whether they are human or bots.
Most hosts provide AWStats via the control panel. Scroll toward the bottom and look at your bot hits. They will far outweigh your human traffic.
Google Analytics won’t tell you any of this info. So, if you’re relying solely on those stats, you’re missing a big part of the picture. Google only tells you what Google bots found and filtered.
Stop the Bad Bots
It’s up to you to stop the bad bots from hitting your site. The host can only do so much, especially on shared hosting. They can’t restrict access for everyone because the site sitting right next door to you may be getting legit traffic from the same country that is sending you bad bot hits.
Anti-bot plugins on the site are a waste of time. The bot still has to hit your site to activate the plugin. I am no fan of the behemoth security plugins for this, as they chew up more resources than they save.
Way better to turn the bots away before they ever get there with a firewall prior to your site. I use and recommend CloudFlare. Even their free tier has some modicum of bad bot protection.
Account Terminated Without Warning
If you didn’t get a notification before termination, are you sure they didn’t send it?
- Did it go to a bad email address?
- Do you check that email address?
- Did it go to spam?
- Is it buried in the control panel?
- Have you ever even logged into your control panel to see what’s going on?
Before you blame the host, be sure you check all of the above first.
Call your host if you have to and ask them how they would let you know.
Site Locked, Get Bigger Account
Hosts can’t stay in business by losing customers. But, most are not in the business of securing or running your site for you.
It’s your responsibility as a site owner to keep your site running clean and safe.
If you disagree with that, try this. Do you think it’s the responsibility of a strip mall owner to provide security and basic “how to run a store” support for the store owner? Of course not. And it’s not the host’s responsibility to tell you how to run a site.
So, if your site is constantly hitting resource limits, they are not going to tell you to change anything on the site or how to find what’s causing it. They are going to upsell you.
I saved one of my site audit clients $2400/yr in hosting costs that she took due to this overage/up sell tactic.
Even hosts who say they are WordPress friendly don’t help you with some of this. Be sure to check what comes in that WordPress package before you jump into that type of hosting. It’s expensive and you don’t want to be lured into a false sense of security that they are taking care of everything if they’re not. FYI, the more they do for you, the more expensive it is! And you still have certain responsibilities they don’t do for you.
Avoid the Up sell
If you go to a bigger hosting package due to overages, what you’re actually doing is renting a bigger house for the rats to roam.
You’re not fixing the underlying problem.
It’s likely that the next jump up will be VPS. Don’t do it. If anything, go to Managed VPS. The difference is extreme. With VPS, you have to be your own server admin. With Managed VPS, the host takes care of all of that for you, and then you can customize if you want from there.
The cost difference is significant. Any type of VPS is a big cost jump from shared. The average is around $80/mo.
A site audit is way cheaper. And, you get to see the real problems so you can get them fixed. That’s far better all the way around. You have a safer site for yourself and all those around you.
If your site has been locked, then you may need to step up to the bigger account temporarily so you can access it. Immediately get an audit, get the problems fixed, and step back down to the lower rate if you can. Or, if you actually do have enough human traffic to warrant the bigger account, then so be it. But find out!!
Take Responsibility for Your Site
In one group I’m in, I saw someone ranting about their host. I offered to do a site audit, and if the site owner was truly not to blame, it would be free. If the problem was on the site, they would pay for the audit and publicly apologize to the host.
I put my money where my mouth was on that post because I knew it was a winning bet. From the way he was complaining, I knew that he had not take proper measures to shore up his site security or bot directives.
Is the Host Always Right
No. In another group I’m in, I saw someone ranting about overages and he had to do the equivalent of a site audit and give those stats to the host to prove it. That’s rare, but does happen.
But, without an audit, you have no idea what’s going on and don’t have a leg to stand on.
Site Audit Findings
26
That’s how many security holes I find on average. Most are not on the site. They’re in the account setup, which is the very foundation of the site. And no scanner finds them all!
12-60
That’s how many resource and performance drains I find.
In a recent audit, a client shaved 7 seconds off her load time. It took her all of 10 minutes to make the changes herself. Many times, it’s just knowing what to change. That’s what a site audit does for you.
A site audit puts you, not your host, in the driver’s seat with your site.
So, until you know exactly what’s happening with your site, stop blaming your host. You’re just showing your ignorance when you publicly blast those rants on social media.
Do an audit yourself or hire someone. But get it done BEFORE your account gets limited or terminated, or you get upsold to a bigger hosting account.
