The online world is like a ruthless dungeon filled with hackers and spammers. According to Forbes, Google blacklists 10,000 websites each day. Even big companies are prone to cyber attacks. How much more with the startups? No one is safe. Customers should be protected from these vicious attacks.
You can’t Give, what you don’t Have! If the website of the web host failed the Security tests, they can’t make their customers website pass the tests. Based from study, to Optimize the Security of the WordPress website, it must be Optimized manually, and use the Cloudflare CDN. You can’t improve the Header Security and MDN HTTP Observatory tests by simply changing the Web Host. Because most web hosts, host the website “As It Is”. If no Website Optimization done by the web developer, then expect a failed Security test.
Below is the Header Security and MDN HTTP Observatory tests of the website of the 40 popular Web Hosts.
| Rank | Company | Header Security | MDN Grade | MDN Score | MDN Test Passed |
|---|---|---|---|---|---|
| 1 | LiteSpeed Host | A+ | B+ | 80 | 9 |
| 2 | MochaHost | A | B+ | 80 | 9 |
| 3 | ScalaHosting | A | B | 75 | 8 |
| 4 | Google Cloud | A | B | 70 | 8 |
| 5 | IBM Cloud | A | B | 70 | 7 |
| 6 | A2 Hosting | A | F | 0 | 5 |
| 7 | Contabo | B | B | 70 | 8 |
| 8 | Ionos | B | B | 70 | 7 |
| 9 | NameHero | B | C | 50 | 7 |
| 10 | AWS | C | A | 90 | 8 |
| 11 | Hetzner | C | B | 75 | 9 |
| 12 | SiteGround | C | B | 70 | 8 |
| 13 | Hostwinds | C | C | 55 | 8 |
| 14 | Vultr | C | C | 50 | 7 |
| 15 | InterServer | C | C | 50 | 7 |
| 16 | InMotion | C | C- | 45 | 5 |
| 17 | BlueHost | C | D | 30 | 6 |
| 18 | Hostinger | C | D+ | 40 | 6 |
| 19 | GreenGeeks | C | D- | 25 | 8 |
| 20 | Z.com | C | F | 0 | 6 |
| 21 | LiquidWeb | D | C | 50 | 7 |
| 22 | FastComet | D | C- | 45 | 7 |
| 23 | OVH | D | D+ | 40 | 5 |
| 24 | UpCloud | D | B | 70 | 8 |
| 25 | Namecheap | D | C+ | 60 | 6 |
| 26 | WP Engine | D | C | 55 | 7 |
| 27 | DigitalOcean | D | C | 50 | 7 |
| 28 | HostPapa | D | C | 50 | 7 |
| 29 | AccuWeb | D | C | 50 | 7 |
| 30 | Alibaba Cloud | D | D | 30 | 6 |
| 31 | CrazyDomains | D | D | 30 | 6 |
| 32 | JustHost | D | F | 20 | 6 |
| 33 | GoDaddy | D | F | 10 | 5 |
| 34 | Cloudways | F | C | 50 | 7 |
| 35 | MilesWeb | F | D | 30 | 6 |
| 36 | TMDHosting | F | D | 30 | 6 |
| 37 | DreamHost | F | D- | 25 | 5 |
| 38 | 123 Reg | F | F | 0 | 3 |
| 38 | iPage | F | F | 0 | 4 |
| 40 | HostGator | C | D | 30 | 6 |
Note:
Header Security is the Primary rank and followed by the MDN Grade. Because the MDN Grade has error on the Content Security Policy Report Only which gets a 0 score instead of -20. CSP Report Only means No CSP which is detected by the Header Security Test.
LiteSpeed Host is the most Secure website based from the Header Security test. Unlike the Traditional Web Hosts which host the website “As it is”, LiteSpeed optimizes the WordPress website, uses the LiteSpeed server and Cloudflare CDN. This result to A+ Header Security and B+80 MDN HTTP Observatory rating.
