Increase hosting revenue by offering complementary security services
Last CloudFest, Plesk CTO Jan Loeffler, talked about changes in the hosting market. He suggests hosters offer a custom, hyper-tailored security solution – and charge a higher price. Including services like automated malware removal, web-antivirus, web application firewall, and anti-DDOS in existing hosting plans. But why does it pay to do so?
The benefits of selling security services with hosting
- You increase customers’ spending average and bring in more profit;
- They make the entire hosting package more attractive to customers;
- You strengthen clients’ loyalty and trust in you – stopping them from leaving.
Firstly, when you offer complementary security services (panel-integrated malware scanner or automated malware cleanup), the hoster increases revenue. Or creates a new revenue stream. Secondly, embedded antiviruses and other security solutions give a competitive advantage over other hosting providers. And finally, all those features bind the client to their hosting provider.
Hosting customers’ attitudes have changed in the last 3-4 years because of mass infection, chip and automated website hacks. So, site owners worry about security and are ready to pay for it. That’s what makes this a good time to offer security services with hosting.
What security services can hosters offer their clients?
On the left you can see four security services that require human participation. On the right, there are seven complementary services you can fully automate. Now let’s reveal the perks of offering each service.
With thousands of websites hacked every day, web admins want a complete hosting service. One that cleans viruses, whitelists or blacklists domains, protects from re-infection and keeps sites up and running. This will have the most demand.
Managed Web Security
Customers want a dedicated security expert to handle security. That’s 24×7 monitoring, automatic file scans, integrity checks, regular domain reputation checks, vulnerability control, web attack protection and credentials management. It may be more profitable to outsource Managed Web Security to an expert. The service can either be optional for an existing plan, or a separate service with boosted security abilities.
Managed VPS hosting is ideal for any user, regardless of technical level. Because the hosting provider handles technical server-related tasks, including service and OS components update, kernel patching, and HIDs setup.
Migration to HTTPS
While switching to HTTPs has many advantages, underestimating the process can be a disaster. For both rankings and traffic. You can’t just deploy an SSL certificate to the domain. Smooth migration to HTTPs needs a webmaster to adjust XHR requests, match the scheme, adapt page nav, and fix embedded objects. If you’re selling SSL certificates, this service is a good add-on.
It continuously monitors for malware, finds and cleans viruses, web-shells, backdoors and hacker tools, thus preventing damage. It’s an instant help for compromised websites and a must-have for any web hoster.
Plesk already has Revisium Antivirus – a smart malware scanner with one-click automatic malware cleanup and domain reputation check. The Shared Hosting Edition enables feature management integrated with service plans. So, any server admin can configure the antivirus for each service plan.
Website Security Monitoring
This lets you stay in control of security and functionality. It checks websites and identifies issues at the earliest. You can also easily embed the service into the hosting panel, available for customers by per-domain subscription.
Web Application Firewall
Patch vulnerabilities and fix misconfigurations of web apps to save a hacked website from a second attempt. Web Application Firewall resolves these issues using virtual patching and traffic filtering. It can also be seamlessly integrated into the hosting panel.
Sometimes, a CMS can’t update to the latest version. Because site owners want to keep old projects running under the same user account. So, the websites become vulnerable and threaten the neighbors. Virtual (or real) vulnerabilities patching is a lighter and cheaper solution than Web Application Firewall in this case.
Each site must operate in an isolated environment to prevent access to site files and data. If you don’t implement this, you get mass infection under the user account – one hacked site results in cross-contamination. Good practice is to place each website under separate OS user accounts. Or in an isolated container like Docker, lXC, VM. Website isolation can be a separate paid service you can offer customers.
Many users get an unpleasant surprise when they contact their hoster for an old backup and expect to roll back a site to a version older than 2 weeks. The solution may be to expand the user account with Extra Backup, which you activate right from the panel. So, customers can keep as many backups as they’re willing to pay for.
A DDoS attack happens when a network of computers sends a large volume of requests to a web server at the same time. With DDoS protection, a customer’s site is less likely to crash, and visitors are less likely affected by poor website performance. This service may also include spam-bot and HTTP flood protection – both very popular nowadays. So, the AntiDDoS might be a good option for hosting to resell.
Use a 3rd-party antivirus solution to create a new revenue stream
Plesk panel provides ready-to-use antivirus and security monitoring solution – Revisium Antivirus available as Free, Premium and Shared Hosting.
The latest Shared Hosting edition enables several use-case models through Permissions in Service Plans and per-user settings. So, the server admin can manage customers’ features and sell, for instance, malware cleanup service separately. Or make some features available for specific plans:
- Disable the antivirus for chip or free service subscriptions.
- Make Scanner available for free plans and automatic cleanup for paid plans.
- Have email notifications on malware detection for specific users only.
- Antivirus for server admins only so they can check and clean customers’ websites.
So that’s 11 services hosters can add to existing service plans or as separate services. Take this strong competitive advantage to increase revenue and strengthen your clients’ loyalty.
Meanwhile, check out some ways hosters can respond to customer expectations.