Bluehost Web Hosting Review 2021




bluehost hosting


Bluehost review: Good performance, well-designed UX, up-to-date security
There's a reason Bluehost is one of the most popular hosting providers on the planet. We take an in-depth look at what it's like using the service and dig deep inside its implementation.

It seems like there is an almost unlimited number of hosting providers who will serve your website for a monthly fee. In the best web hosting providers for 2021, I spotlighted 15 providers that offer a wide range of plans. When doing a full review of a single hosting provider, I set up the most basic account possible and run the service through a barrage of tests. In this article, I'll dive into Bluehost's offerings.

Bluehost at a glance
Shared hosting starting a $2.95 per month
Online store hosting starting at $12.95 per month
Managed WordPress hosting starting at $9.95 per month
Virtual private server (VPS) hosting starting at $18.99 per month
Dedicated server hosting starting at $79.99 per month
Price bump after end of period: Yes

Because there are so many variables among plans and offerings, not only among hosting providers, but within the plans offered by any one provider, it can be difficult to get a good comparison. I've found that one of the best ways to see how a provider performs is to look at the least expensive plan they offer. You can expect the least quality, the least attention to detail, and the least performance from such a plan.

How hosting provider pricing really works
For this series of hosting reviews, I'm testing the most basic, most entry-level plan a vendor is offering. In the case of Bluehost, it's their appropriately named Basic plan. To get pricing, I went to the company's main site at

As with most every hosting provider, Bluehost's published pricing is somewhat misleading. There is no option to get billed only $2.95 per month.

While it looks like you can get the Single Shared Hosting plan for $2.95 per month, that's only if you prepay for three full years, which means you're actually paying $106.20. A hundred bucks or so for three years of hosting isn't a bad deal, but can be confusing. If you want only one year, you're charging $59.40 to your card (which is $4.95 per month). It's more expensive, but not terrible.

There's a gotcha though. When you renew, you're going to pay more. A lot more. Three times more. This, too, is not uncommon for hosting plans and is a practice I strongly wish the hosting industry would stop. When you renew your $2.95 three year plan, you're going to jump to $8.99/month or $107.88/year. Of course, we have no idea what the pricing will be in three years, but you get the idea.

While $2.95 or even $4.95/mo isn't a bad price for basic hosting, the fact is, your price will jump by more than triple what you paid when you signed up. I talked a lot about lock-in and switching costs in my How to create a website: The 2021 step-by-step guide overview. Read it, because Bluehost (and many other hosting providers) have business models that count on the switching costs being so painful that you'll suck up a huge upcharge simply to avoid moving your site.

I focus on these pricing gimmicks in my reviews because it can be really unpleasant to suddenly get a bill that's hundreds or even thousands of dollars (depending on the plan) more than you expected. Second, switching from one hosting provider to another hosting provider can be a very time-consuming and possibly expensive job, fraught with hassles and potential points of failure.

At least half of the hosting vendors I've looked at over the years do these promo deals, with big jumps in renewal fees, so Bluehost isn't alone in this somewhat predatory practice.

Most bottom-end plans are for one website, and Bluehost is no different.

Before we move into the details, let's spend a moment talking about what a base plan really is. All websites are not created equal. While you might be able to pay under three bucks a month to run your website, I pay about a hundred bucks each month to run my small fleet of sites.

A base site is designed for a business or individual who wants a basic online presence. That's a bunch of pages, some product or service images, and a lot of text. If you want to run complex web applications, or you expect a lot of traffic, a basic site is not for you.

If you're just trying to get started with an online presence, starting simply is a good way to go. In this series, we're reviewing the least expensive program each hosting provider offers. That's going to be what the majority of buyers will want, and it will give us a good insight into the company.

Bluehost offers a number of pretty solid features in their Basic plan. The base plan includes 50GB website space (maxing out at a whopping 200,000 files), five email accounts, 100MB of email storage (which is pretty low if you're active), up to 500 emails sent per hour, one free domain registration (for a year), 25 subdomains, a basic SSL certificate, and what they describe as unmetered bandwidth.

Be careful, though. In practice, if you push your account near the limits, or use an excessive amount of bandwidth, it's likely that the service will throttle you back. Bluehost was one of the earliest providers to institute server throttling when "unlimited" resource usage got to be too much.

There are some wins, most notably that even the basic plan is hosted on SSDs. Even if a site is using caching (which reduces the load on a server), having fast drives is always a plus.

The company does have 24/7 chat and phone support, and Bluehost offers a 30-day money-back guarantee. It's not as long as some of the company's competitors, but it is a fair amount of time for you to get a simple site up and running and see how things work.

The first thing I like to do when looking at a new hosting provider is exploring their dashboard. Is it an old friend, like cPanel? Is it some sort of janky, barely configured open source or homegrown mess? Or is it a carefully crafted custom dashboard? These are often the ones that worry me the most because they almost always hide restrictions that I'm going to have to work around somehow.

I got rid of the welcome message and started to look around. I like how Bluehost has the normal cPanel interface, but also provides access to Bluehost services on the left. That's convenient.

I thought about nuking WordPress and installing it myself, but I wanted to see what most users would be presented with when they started the service. So I hit the My Sites button with the WordPress logo icon -- and was presented with upsell city:

To be fair, the upsells don't seem nearly as intrusive as Bluehost's sister vendor, Hostgator. Once logged in, the WordPress dashboard is filled with a lot of stuff that's not traditional to the WordPress dashboard, but it seems more helpful than egregious.

Ooh, this is interesting. Bluehost provides a staging site, even in the base plan. They get some big points for that. It's always nice to having a staging site, and many more expensive plans don't come with one. Granted, this is a staging site managed inside the main WordPress install (which can be a bit dicey when things go waaaay bad), but it's still a great feature for a bottom-level plan.

I have to admit, Bluehost did this right. There were the few upsells I pointed out as we moved into the WordPress part of our review, but nothing that made using the service unpleasant. More to the point, Bluehost has its own plugin install and while it does offer upsells, it does so in a surprisingly non-intrusive way.

Security is one of the biggest issues when it comes to operating a website. You want to make sure your site is safe from hackers, doesn't flag Google, and can connect securely to payment engines if you're running an e-commerce site of any kind.

While the scope of this article doesn't allow for exhaustive security testing, there are a few quick checks that can help indicate whether Bluehost's most inexpensive platform is starting with a secure foundation.

The first of these is multifactor authentication (MFA). It's way too easy for hackers to just bang away at a website's login screen and brute-force a password. In the past, many of my sites have been pounded on by some hacker or another, but because I have some relatively strong protections in place, the bad actor hasn't been able to get in.

Bluehost picks up another win with dashboard-level MFA, which supports Google Authenticator and those compatible, like Authy. Bluehost also supports email authentication, but does the right thing by pushing its customers to smartphone Google Auth authentication as a safer choice.

Bluehost includes a free Let's Encrypt SSL certificate, which is configured and enabled by default. While there are some overhead issues with Let's Encrypt (the certificate needs to be renewed more often than commercially-sold SSL certificates), Bluehost automates that renewal process, so it's not something site operators need to configure.

As my last quick security check, I like to look at the versions of some of the main system components that run web applications. To make things easy, I chose four components necessary to safe WordPress operation. While other apps may use other components, I've found that if components are up-to-date for one set of needs, they're usually up to date across the board.

Next, I wanted to see how the site performed using some online performance testing tools. It's important not to take these tests too seriously. We're purposely looking at the most low-end offerings of hosting vendors, so the sites they produce are expected to be relatively slow.

That said, it's nice to have an idea of what to expect. The way I test is to use the fresh install of WordPress with the standard theme TwentyTwenty. I then performance test the "Hello, world" page, which is mostly text, with just an image header. That way, we're able to focus on the responsiveness of a basic page without being too concerned about media overhead.

There's not much to say here. I had only one interaction, late on a Sunday night. I did get connected with human via chat within about five minutes. The individual was nice and clearly wanted to help. I particularly liked how they let me know that some of the information would take a few minutes to dig up, so I wasn't left hanging, wondering if they'd gone home for the night.

Unfortunately, as I mentioned above, the accuracy of the answers left a little to be desired. That said, being able to reach a support person who is responsive and who tries to be helpful late on a Sunday night is a good thing.

Overall conclusion
I was very pleasantly surprised. It's almost impossible to believe that Bluehost and HostGator are part of the same company. HostGator slapped spammy upsells on everything, making the use of their service an annoyance. On top of that, nearly all their key security components were woefully out of date to the tune of 8 years, 7 years, and 11 years.

Bluehost, by comparison, is pretty much up to date. Their portal and even their implementation of upsells in the WordPress dashboard show a great deal of thought and consideration of the overall user experience.

Even though Bluehost is slightly more costly than HostGator ($0.20 per month) in the initial term and considerably more after term renewal ($2.00 more per month), I would definitely recommend Bluehost over HostGator.

In fact, I'd put Bluehost into the running against the other base level plans I've reviewed. It offers a basic staging server mechanism, reasonably fast page loads, current security libraries, multi-factor authentication, and a low-key approach to upsells. It's not bad at all. Now, maybe they can teach their siblings as HostGator to play nice with others.