Yeah but why would the company run by the crazy person be the only safe place?

It’s open source. Just find a different host that isn’t run by a known unstable human. Literally any other. That would be my feeling on it, at least.

Is it feasible to self host websites

yes

for small businesses

NOPE

Well, you say your business sites, so I assume you're okay with downtime. I would absolutely not self-host sites for someone else's business, because if something happens to the hosting (ISP outage, power outage, bad update, hardware failure, accidental deletion, misconfiguration, ISP block, flood/fire/storm, theft, I can go on) then it's my ass on the line. Simple hosting is cheap, spend the few bucks for a lot more peace of mind.

where are you getting servers that cheap

You're not wrong. Again, my logic for that the crazy person is on the warpath towards other hosting companies. For a time he had cut WPEngine off from wordpress.org, which meant thousands of regular people and business running wordpress couldn't update their plugins or wordpress core because they had no access to the .org registries.

Mullenweg isn't going to do that to his own company. I think Mullenweg is a piece of shit, and I would steer clear of wordpress.com. My previous comment pointing towards .com is dumb.

Ah, I got it. Yeah, it makes sense, WP.com is moderately likely to keep working fine probably, it's just that it would make me nervous at this stage. I just don't think he can do anything to really "punish" Bluehost if they're using his software in some way that displeases him. WPEngine's mistake was getting tangled up into a business relationship where they were depending on listings and APIs and things. Although, it probably seemed like a good idea until their business counterpart went off the deep end.

Agree. I'd be nervous about it too. Mullenweg seems pretty unhinged at this point.

This is one.

https://www.nocix.net/dedicated/

What I can tell you, working for a company hosting data for the UK NHS.

Is that hosting is easy, I have a very reliable homelab. I keep things up to date and make sure to secure things the best I can.

But security is hard, there are many things to secure. Blind spots you didn't even know you had.

The bast way to look at security, it to start with secure and dial things back so that it works.

I think the answer depends a lot on the use case of each business's website and what the business owner/employees expect from it.

Is the website a storefront? You'll be spending a lot of time maintaining integration with payment networks and ensuring that the transaction process is secure and can't be exploited to create fake invoices or spammed with fake orders. Also probably maintaining a database of customer orders with names, emails, physical addresses, credit card info, and payment and order fulfillment records... so now you have to worry about handling and storing PII, maybe PCI DSS compliance, and you'll end up performing some accounting tasks as well due to controlling the payment processing.

Does the business have a private email server? You'll be spending a lot of time maintaining spam filters and block lists and ensuring that their email server has a good reputation with the major email service providers.

Do the employees need user logins so that they can add or edit content on the website or perform other business tasks? Now you're not just a web host, you're also a sysadmin for a small enterprise which means you'll be handling common end-user support tasks like password resets. Have fun with that.

Do they regularly upload new content? (e.g. product photos and descriptions, customer testimonies, demo videos) Now you're a database admin too.

Does the website allow the business's customers to upload information? (comments/reviews/pictures/etc, e.g. is it Web 2.0 in some way) god help you.

Exactly. It's not just downtime to worry about, either. It's disks filling up. It's hardware failure. It's DNS outages. It's random DDoS attacks. It's automated scans of the internet targeting WordPress. It's OS, php and database upgrades. It's setting up graphing, monitoring, alerting and being on-call 24/7 to deal with the issues that come up.

If these businesses are at all serious, pay for professional hosting and spend your time running the business.