Editor’s Note (April 2026): This article was first published in May 2020, when the website hosting market looked very different and the threats facing UK businesses were a fraction of what they are today. Six years on, I’ve decided to refresh the piece with a fully updated 2026 perspective. The original article sits below for context, lightly tidied but otherwise unchanged. The principle behind it, though, is more relevant than ever.
When I first wrote this article in May 2020, the average UK business owner thought of website hosting as a one-line cost on a spreadsheet. Cheap was good. Cheaper was better. Six years later, that thinking is starting to look genuinely dangerous.
The threats have multiplied, the consequences have escalated, and the gap between budget hosting and properly managed business hosting has widened into a chasm. Yet the marketing message from low-cost providers hasn’t really changed. You’ll still see promises of “unlimited” everything for a few pounds a month, with the small print quietly transferring all the risk back onto you.
This article is about that gap. What it actually looks like in 2026, why it matters more than ever, and what to ask your current provider before something goes wrong. As I said back in 2020, and as I’ll say again now: not all website hosting is created equal.
What's changed since 2020
The simplest way to put it: the volume of attacks has gone up, the sophistication has gone up, and the cost of getting it wrong has gone up. Every part of the equation has moved in the wrong direction for businesses still relying on entry-level hosting.
Here’s what’s actually shifted:
1. Attacks are now largely automated and AI-assisted. In 2020, a typical website attack was the work of a person or a script. In 2026, attackers use AI to generate phishing campaigns, craft malware variants on the fly, and probe websites at industrial scale. Your site doesn’t need to be famous to be a target. It just needs to exist.
2. Plugin and supply chain attacks have exploded. WordPress alone runs around 43% of the web, and the plugins that power most sites have become the favourite back door. A compromised plugin update can infect tens of thousands of sites overnight, and the host you chose plays a huge part in whether your site gets caught up in it.
3. Ransomware has become a service. Criminals no longer need technical skills to launch attacks, they can simply rent the tools. That’s pushed the volume of ransomware attempts on UK SMEs into territory that would have looked unthinkable in 2020.
4. Compliance has caught up. Cyber Essentials is now a baseline requirement for many UK contracts, GDPR enforcement has matured, and data sovereignty is no longer a topic just for enterprise IT teams. Where your site lives, who can access it, and how it’s backed up all carry legal weight now.
5. The cost of downtime has risen. More of your business runs through your website than it did six years ago. Forms, bookings, integrations, customer logins, payments. When your site goes down, more of your business goes with it.
The result is simple. The standard of hosting that was acceptable in 2020 is no longer fit for purpose in 2026.
What "Not Equal" Actually Means in 2026
So what does fit-for-purpose business hosting actually look like today? It comes down to five things, and most low-cost packages fall short on at least three of them.
1. A real backup strategy, not a tick-box. A backup that lives on the same server as your website is not a backup. It’s a single point of failure. Proper business hosting includes daily, automated backups stored off-site, ideally in immutable form so they can’t be tampered with, and tested regularly to make sure they actually restore. If your provider can’t tell you when your last backup ran, where it lives, and how quickly it can be restored, you don’t have a backup strategy. You have a hope.
2. Security at every layer. A single security plugin on your website is no longer enough. Real protection now means a web application firewall sitting in front of your site, server-level malware scanning, isolated environments so a problem on one site can’t spread to others, and continuous monitoring that catches suspicious activity in real time. Security isn’t a feature you bolt on at the end. It’s the foundation everything else sits on.
3. Infrastructure built for performance and resilience. Cheap hosting works by cramming as many websites as possible onto a single server. When one of those sites gets a traffic spike, hit by an attack, or simply runs poorly written code, every site on that server suffers. Proper business hosting controls how resources are allocated, builds in failover so a single hardware fault doesn’t take you offline, and is sized for the work you’re actually doing.
4. Support that responds when it matters. This was the central point of the original 2020 article and it hasn’t aged a day. When your site goes down at four o’clock on a Friday afternoon, the question isn’t whether your provider has a support team. It’s whether anyone will actually pick up the phone, and whether they’ll have the technical skill to fix the problem. Ticket queues and chatbots are not the same thing as a human who knows your business.
5. Data sovereignty and compliance built in. Where your data is physically stored matters. Who has access to it matters. Whether your provider can demonstrate compliance with UK regulations matters. For any UK business handling customer data, this is no longer optional. If you’re not sure where your website actually lives or who could legally access it, that’s something to fix today, not next year.
Each of these on its own would be enough to justify moving to a properly managed business host. Taken together, they’re the difference between a website that’s an asset and a website that’s a liability waiting to happen.
Six Questions to Ask Your Current Hosting Provider Today
If reading this has made you wonder where your own hosting sits on the spectrum, here are six questions to put to your current provider. Send them by email and keep the reply on file. Their answers, or their reluctance to answer, will tell you everything you need to know.
1. When was my last backup, and where is it stored? A confident provider will give you a specific time, a specific location, and a clear explanation of how the backup is protected from tampering. A vague answer, or worse, a question back to you, is a warning sign.
2. How quickly can you restore my website if it goes down today? “It depends” is not an answer. You should expect a clear time commitment, ideally measured in hours rather than days, and a clear process for how it actually happens. If your provider’s restore process involves manual file copying and a hopeful prayer, you’re carrying risk you don’t need to.
3. What security is included as standard, and what costs extra? Cheap hosting often presents security as an upgrade. Real business hosting builds it in. Ask specifically about web application firewalls, malware scanning, brute-force protection, and how isolated your site is from others on the same infrastructure.
4. Where is my website physically hosted, and who has access to it? This is the data sovereignty question. For UK businesses, the answer matters legally as well as commercially. If your provider can’t tell you which country your data sits in, or who could lawfully access it, that’s a problem regardless of how cheap the package is.
5. What happens when I need to speak to a human? Ask for the support phone number. Ask what hours it’s staffed. Ask whether the person who answers will have the skill to actually solve a problem, or whether they’ll just open a ticket and pass it on. The difference between a five-minute call and a five-day ticket queue is enormous when your business is offline.
6. If I wanted to leave, how easily could I take my website with me? A good provider will answer this confidently and helpfully. A provider who treats this question as a threat is telling you something important about how they view the relationship.
If your current provider can’t give clean answers to all six, it’s worth a conversation about migration before something forces the issue.
For the Record, What 127 Media Does Differently
The 2020 version of this article ended with three short bullet points. They still hold true, but they don’t tell the full story of what proper business hosting looks like in 2026. Here’s the updated version.
Backups that actually work. Every site we host runs on a daily automated backup routine, with copies stored off-site and protected from tampering. We test restores regularly, because a backup you’ve never tested is just a file. If the worst happens, we can have a clean version of your site back online in hours, not days.
Security built in from day one. A web application firewall sits in front of every site we host. Server-level malware scanning runs continuously. Sites are isolated from each other so a problem on one can’t spread. Real-time alerts tell us about attempted breaches as they happen, not days later when someone notices the site is acting strangely.
Infrastructure sized for the job. We don’t oversell our servers. Resources are allocated properly so your site isn’t fighting for space with hundreds of others. For clients running busier sites or eCommerce, we provide dedicated environments rather than shared ones, because some workloads simply shouldn’t share a server.
Support that picks up the phone. When you call us during business hours, you get a human who knows your site. Not a ticket number. Not a chatbot. Not a queue. We’ve held that standard since we started in 2014, and we have no intention of changing it.
UK hosting for UK businesses. Our infrastructure is UK-based, which keeps your data within UK jurisdiction and simplifies compliance. For most of our clients this is a quiet reassurance rather than something they think about daily, but when it matters, it really matters.
A migration process that takes the pain away. If you’re reading this and recognising your current setup in the warning signs, the good news is that moving to better hosting is genuinely straightforward. We handle the technical side, coordinate the cutover, and aim for zero downtime. The hardest part is usually the decision to do it.
Six commitments. No small print. No surprises.
Ready to Find Out Where Your Website Hosting Really Stands?
If this article has raised more questions than answers about your current setup, that’s not a bad place to be. It means you’re paying attention, which is more than most business owners do until something goes wrong.
The simplest next step is a no-pressure conversation. Send us those six questions you put to your current provider and we’ll talk you through how we’d answer each one. If your existing setup is solid, we’ll tell you. If it isn’t, we’ll explain exactly what we’d do differently and what a move would look like.
Migration is genuinely painless when it’s handled properly. We’ve moved lots of sites over the years, from tiny brochure sites to busy eCommerce platforms, and the process is now well rehearsed. Most clients are surprised by how little they have to do.
Call +44 1704 332127, email info@127media.com, or use the contact page. We’re based in Southport, we’re UK owned, and we’ve been doing this since 2014.
Not all website hosting is created equal. Make sure yours is on the right side of the line.
Original Article, First Published May 2020
What happens when your website gets hacked? Can your current website hosting provider get you back up and running as quickly as possible and with the minimum of fuss?
It’s been a while since I put my hands on the keyboard to write a blog, I always have good intentions of doing regular blog posts but due to the nature of our work and dealing with other people’s businesses on a day-to-day basis, it generally gets overlooked.
Anyway, a recent situation has put this back at the top of the priority list, so I’d like to share this cautionary tale with you.
One of our web clients has their WordPress website hosted…Elsewhere…and elsewhere had a problem.
What was the problem I hear you ask?
Well, their site had been subject to a hack and was dead. Not only that, but the hackers had also redirected the site to a malicious one, which had their customers clicked on it, then they would also be infected and consequently liable to being hacked.
We knew that our customer’s website was hosted by their IT company, so we immediately requested a backup of the site to restore it, but they didn’t have one, we asked what their backup regime was – and – they didn’t have one.
They had no backup and no backup routine in place, but the third-party website hosting didn’t have one either. The customer hadn’t bought backups with their package.
The reason for this was cheap website hosting with no guarantees.
Website hosting may appear the same on the surface but under the bonnet, not all things are created equal.
In this scenario, the customer website had no chance of being returned to its former glory and would have been dead forever. Also, the longer the site was down and re-directed to a malicious site, the harder it would be to recover from reputation damage.
So, what did we do?
First, we took a copy of the site from some weeks before and installed it on a laptop that wasn’t connected to the internet. Then, we ran a malware scan, isolated the cause of the infection, and removed it.
Then, we set up a website hosting account on our server and set about the migration process.
Following a successful migration, we installed some security software on the site, which, in conjunction with the security software on the server, offers greater overall security. It provides real-time alerts that notify us of attempted security breaches and a daily report of potential threats.
We also have a daily backup routine in place, which provides a full site backup, so if this happens again, we can be back up and running with a clean site sooner rather than later.
Keeping any website fully secure, with so many hackers trying to find loopholes in broken plugins and old and out-of-date sites.
One thing you can do today to help yourself is to check if your current website hosting provides the level of support you need to protect your website. With the ability to get it back up and running with minimal fuss, should the worst happen?
If you take anything from this, let it be this: Not All Website Hosting is Created Equal. Check your website hosting and its resilience and don’t let this happen to you.
For the record…
• All our servers come with built-in resilience.
• We won’t put a site or server out there without a backup strategy in play from Day 1.
• and the Return To Live won’t be 72 hours.
