Hosting FAQ

Shared hosting is a hosting plan with a preconfigured web stack (Apache/Nginx, PHP, MariaDB) and an admin panel — you get no root rights but entry prices from approx. €1.29 per month. A VPS (Virtual Private Server) is your own virtual machine with root SSH access, free OS choice and guaranteed CPU/RAM shares — typically from €3 per month. A standard WordPress site below 5,000 visitors per day is fine on shared hosting; the moment custom services, containers or performance tuning matter, a VPS is the right pick.

A root server (dedicated server) is worth it as soon as you sustain 70 % or more CPU load on a VPS, run latency-critical workloads (game servers, high-frequency databases) or have compliance rules that forbid sharing hardware. Rule of thumb: a €25/month VPS delivers roughly 30 % of the performance of a €60/month root server — if you need the power around the clock, the root server is cheaper and more stable per delivered unit.

Cloud servers are virtual machines with API control and per-second billing — you spin instances up and down at any time and combine them with managed storage, snapshots and load balancers. A classic VPS has a fixed monthly tariff and fixed configuration. Cloud servers pay off for fluctuating loads, short experiments and CI workers; long-running predictable workloads are usually 30–50 % cheaper on a fixed VPS.

Check six signals: (1) imprint with a legally serviceable address and VAT ID in the EU; (2) Data Processing Agreement (DPA / AVV) under Art. 28 GDPR available in the customer portal; (3) server location inside the EU explicitly stated; (4) ISO 27001 certification of the data centre; (5) public status page with historical incidents; (6) verified customer reviews (Trustpilot, eKomi) with volume >100 and average >4.0. A provider missing three of these is unsuitable for business-critical projects.

Promo prices typically cut monthly cost by 30–60 % but tie you to 12 months with automatic renewal at the list price. Worth it if the project will run for at least 18 months and you can cancel two months before renewal. Not worth it for test or prototyping setups because the renewal surcharge quickly neutralises the saving.

A WordPress site below 5,000 visitors per day runs comfortably on 1 vCPU + 2 GB RAM (classic shared hosting is enough). 10,000–50,000 visitors per day: 2 vCPU + 4 GB RAM (VPS tier 1). Over 50,000 visitors per day: 4 vCPU + 8 GB RAM with a caching plugin (LSCache, WP-Rocket, Redis) and ideally a CDN. A WooCommerce shop installation roughly doubles RAM requirements over plain WordPress due to session handling and cart operations.

The integrated backup covers the typical scenario — hardware failure or accidental deletion of a single file. It does not replace an off-site backup following the 3-2-1 rule: if the entire provider fails (insolvency, account suspension, data centre fire), the integrated backup is gone too. For business-critical data add a second backup target at a different provider — cheap via BorgBackup or restic onto a storage box at an independent host.

GDPR-compliant hosting is not a certification but a setup bundle: (1) server location inside the EU/EEA or a third country with an adequacy decision; (2) signed Data Processing Agreement under Art. 28 GDPR; (3) documented technical and organisational measures (encryption, access control, backup, deletion policy); (4) avoidance of opaque US sub-processors that are problematic after Schrems II. Providers with a clear profile: netcup, Hetzner, Cloud86, IONOS, 1blu.

Reputable European providers offer the DPA digitally in the customer portal — usually under 'contract data', 'data protection' or 'sign DPA'. netcup, Hetzner and IONOS provide a click form you fill out with your company data and save as PDF. Without a signed DPA processing personal data is formally unlawful — fines up to €10 million or 2 % of annual turnover.

Yes, HTTPS has been the de-facto standard since 2018 — without a valid certificate all modern browsers warn the visitor, and Google does not rank HTTP-only pages anymore. For 95 % of all websites a free Let's Encrypt DV certificate is enough, issued and renewed every 60 days automatically by Caddy, Certbot or the hosting panel. Paid OV/EV certificates (€50–500/year) only make sense for banks or authorities with explicit compliance requirements.

DDoS protection works on three layers: (1) provider edge filter — netcup, Hetzner, OVH and Cloud86 include basic filters (Voxility, VAC) for free and absorb typically 10–1,000 Gbps of volumetric attacks; (2) CDN/WAF layer like Cloudflare or Bunny — free for standard sites, paid pro plans from €20/month for rule-based application-layer filtering; (3) architecture — no expensive endpoints without rate limit, idempotent health checks, autoscaling backend pools.

Preparation (T-14 to T-1): drop the TTL of all DNS records to 300 seconds, copy all content/databases to the new server, full functional test there using a hosts-file override. Cutover (T0): final database sync, switch the A/AAAA record, issue a Let's Encrypt certificate at the new host. Post-migration (T+1 to T+7): keep the old server reachable for 7 days (cache effects), check logs for 404s, finally cancel. Realistic downtime: 0–5 minutes with low TTL.

cPanel and Plesk backups are not directly interchangeable — both use proprietary .tar.gz structures with their own metadata. Three paths: (1) migration tools like cPanel-to-Plesk-Migrator or Server Sync partially understand both formats; (2) Plesk Migrator (built-in) reads cPanel backups directly; (3) manual — database dump via mysqldump, files via rsync, mailboxes via IMAP sync (imapsync). DNS records, cron jobs and SSL certificates have to be reconfigured in any case.

Seven clear triggers argue for the switch: (1) frequent 503 errors despite active caching; (2) PHP memory limit no longer enough (>256 MB needed); (3) need cron jobs running more often than every 15 minutes; (4) mail sending throttled by the shared host; (5) own Docker containers or Node.js apps alongside PHP; (6) compliance rule requires an isolated VM; (7) traffic exceeds shared hosting fair use. Before the switch: confirm at least three months of stable traffic figures, otherwise the higher VPS price isn't recouped.

Every deal passes a manual cart test: we add the product to the provider's cart, enter the voucher code and verify that the advertised discount is actually applied. Status lifecycle: 'verified' (checked today, code worked) → 'stale' (older than 30 days, recheck recommended) → 'expired' (code no longer works). The full check process is documented at /en/how-we-verify.

Yes, we use affiliate links at most providers and receive a commission when you complete a purchase after clicking 'View offer'. The commission does not make the offer more expensive for you — the price is identical to visiting the provider directly. Our editorial ranking is independent of commission rates; higher commissions do not buy a better position. Full transparency at /en/transparenz.

Verified deals are automatically marked for re-check every 30 days. Critical campaigns with short validity windows (Black Friday, Cyber Week, quarterly promos) are checked weekly. If a code stops working, please report it via the contact form — we'll move the offer to 'expired' within 24 hours.