Web hosting and website security are two topics that most Irish SME owners glaze over and hand entirely to their web developer or IT person. That's understandable — they're technical subjects. But some basic knowledge here protects your business in ways that nothing else can.
This guide cuts through the jargon and explains what actually matters for a typical Irish SME — what hosting you need, what security basics are non-negotiable, and what the red flags look like when something is wrong.
What Web Hosting Actually Is
Your website lives on a server — a computer connected permanently to the internet, somewhere in a data centre. Hosting is the service of renting space on that server. When someone visits your website, their browser connects to that server and retrieves your website files.
The quality of your hosting affects three things your business cares about: uptime (is your site available when people try to visit it?), speed (how fast does it load?), and security (how well is it protected from attack?).
Types of Hosting and What Irish SMEs Actually Need
Shared Hosting
Your website shares a server with potentially hundreds or thousands of other websites. It's the cheapest option — typically €3–€10/month. For very small or low-traffic websites, shared hosting is adequate. The risks: performance suffers when other sites on the same server get busy, security breaches affecting other sites can sometimes affect yours, and customer support is often poor.
VPS (Virtual Private Server)
A portion of a physical server allocated exclusively to your account, with dedicated resources. Much more stable and better performing than shared hosting. Typical cost: €15–€50/month. Suitable for most growing Irish SMEs. Requires some technical knowledge to manage, or you pay for managed VPS where the provider handles server maintenance.
Managed WordPress / Managed Hosting
A hosting environment specifically optimised and maintained for your CMS (WordPress, for example). The provider handles updates, backups, security patching, and performance. More expensive than basic shared hosting but removes significant maintenance burden. Worth considering for businesses that rely heavily on their website and don't have technical staff.
Cloud Hosting
Resources scale automatically based on demand — you pay for what you use. Suitable for websites with variable or unpredictable traffic. Typically more expensive for stable, predictable SME websites than VPS but provides better uptime guarantees.
A managed VPS or reputable managed hosting plan in the €20–€60/month range. Cheap shared hosting is a false economy — the cost of a website going down during a busy period, or being hacked and having to rebuild, far exceeds the few euros saved per month. Your website is a revenue-generating asset. Treat it like one.
Uptime: What It Means and What to Expect
Uptime is the percentage of time your website is available. Providers typically quote 99.9% uptime in their service agreements. What does that actually mean in hours?
- 99% uptime = up to 87.6 hours of downtime per year (unacceptable)
- 99.9% uptime = up to 8.76 hours of downtime per year (reasonable minimum)
- 99.99% uptime = up to 52.6 minutes per year (enterprise-grade)
For most Irish SMEs, 99.9% uptime is adequate. Be sceptical of providers who don't publish uptime guarantees or who offer "unlimited" everything at very low prices — both are red flags for oversold, unreliable hosting.
SSL and HTTPS: Non-Negotiable
SSL (Secure Sockets Layer) is the technology that encrypts data between your website and your visitors' browsers. You can tell a site has SSL because the URL starts with https:// rather than http://, and browsers show a padlock icon.
Why this matters for your business:
- Trust — Google Chrome shows a "Not Secure" warning for non-HTTPS sites. Any visitor who sees this is given an immediate reason to distrust your business.
- SEO — Google uses HTTPS as a ranking signal. Non-HTTPS sites rank lower.
- GDPR compliance — if you collect any personal data via your website (including contact form submissions), that data must be transmitted securely. Without HTTPS, you're potentially non-compliant.
- Payment security — any website that processes payments must have HTTPS. This is an absolute requirement of payment processors like Stripe.
SSL certificates are free via Let's Encrypt and available on virtually every modern hosting plan. There is no excuse for running a business website without HTTPS in 2025.
Common Website Security Threats for SMEs
Brute Force Attacks
Automated bots attempt thousands of password combinations to gain access to your website admin panel or hosting control panel. Protection: use strong, unique passwords (a password manager helps), enable two-factor authentication wherever possible, and limit login attempts on your CMS.
Outdated Software Vulnerabilities
WordPress plugins, themes, and CMS core files have known security vulnerabilities that are patched in updates. Sites running outdated software are actively targeted by automated scanners looking for these vulnerabilities. Protection: keep everything updated. Set updates to run automatically where possible, and review your site's update status monthly.
Malware Injection
Once attackers gain access — via brute force, outdated software, or a compromised plugin — they inject malicious code into your website. This code can redirect visitors to malicious sites, steal data, or use your server to send spam. Signs of infection: Google Search Console warnings, unexpected redirects, visitors' antivirus software flagging your site, or your hosting provider suspending your account.
Phishing via Your Domain
Attackers sometimes compromise websites to create fake login pages that steal visitor credentials. This is particularly dangerous for businesses whose customers log in to portals or accounts on their website.
DDoS Attacks
Distributed Denial of Service attacks flood your server with traffic until it can't respond to legitimate visitors. Small Irish SMEs are rarely targeted specifically, but shared hosting providers are sometimes targeted, which can affect all sites on the server.
GDPR and Website Security
Under GDPR, any personal data you collect via your website — name, email, phone number from contact forms, IP addresses from analytics — must be stored and transmitted securely. As the data controller, you are responsible for:
- Transmitting data over HTTPS (encrypted)
- Storing data securely on your server or with third-party processors who meet GDPR standards
- Having a privacy policy that accurately describes what data you collect and why
- Implementing cookie consent where tracking cookies are used
- Being able to delete personal data on request
A security breach that exposes personal data is not just a technical problem — it's a regulatory event that may need to be reported to the Data Protection Commission within 72 hours. The DPC has issued fines to Irish businesses for data breaches.
Backups: Your Safety Net
Every Irish SME website should have regular, automated backups stored off-server. "Off-server" is important — if your server is compromised or fails, backups stored on the same server are useless.
A sensible backup schedule for most SME websites:
- Daily full backup of files and database, retained for 30 days
- Weekly backup retained for 3 months
- Monthly backup retained for 1 year
Test your backups. A backup that can't be restored is not a backup. At minimum, quarterly restore a backup to a staging environment to confirm it works.
What to Look for in a Hosting Provider
When evaluating hosting for your Irish SME website:
- Clear uptime guarantee — 99.9% minimum, in writing
- Automatic SSL — included at no extra cost
- Daily backups — automated and off-server
- Irish or EU data centres — for GDPR compliance, data processed and stored in the EU is simpler
- Responsive support — test their support channel before committing; slow support during a website crisis is extremely costly
- Clear ownership — you own your domain name and your content, regardless of who hosts it. If a hosting provider won't give you a clear answer on this, walk away.
Red Flags to Avoid
- No uptime guarantee or SLA in the contract
- SSL certificates sold as a paid extra rather than included
- No backup solution included (or backups only available for an extra fee)
- Control panel access not provided to the client
- Domain registered in the agency's name rather than yours
- No clear data processing agreement for GDPR purposes
Practical Security Checklist
Without requiring technical expertise, your website security checklist should include:
- HTTPS is active and all pages load via https://
- WordPress / CMS, plugins, and themes are up to date
- Admin login uses a strong, unique password and two-factor authentication
- Daily backups are configured and stored off-server
- You own your domain name and have access to its DNS settings
- Google Search Console is set up (it will alert you to security issues)
- Privacy policy and cookie consent are in place
These seven items cost nothing beyond the time to verify them, and they cover the vast majority of security and compliance risk for a typical Irish SME website.
Need Help With Your Website's Hosting or Security?
Shuppa provides managed hosting, security setup, and website maintenance for Irish SMEs — so you can focus on running your business without worrying about the technical side.
Get in Touch