For most photographers, building a website these days is trivial with the help of the numerous photo hosting and sharing services out there. Some of these services cater specifically to the professional photographer by offering everything from ecommerce, client logins to marketing tools.
For me, being a career IT professional as well as a photographer, I naturally like to host my own web presence. This however does not mean compromise! I have built hosting environment which would rival a small datacenter with the uptime, security and redundancy that would make most commercial hosting companies grin.
One of the big advantages to hosting my own sites is the complete control over security and expandability as well as virtually unlimited flexibility to what I can host. I am also not worried about monthly fees and can get very cheap transaction rates for major credit cards (no middle man). Yes, I do spend some time maintaining my infrastructure, but not enough to distract me from my photography in any real way.
Always use HTTPS. SSL certificates are cheap these days
Some of the major components of my architecture consist of:
Multiple fully redundant locations for automatic failover when a server or network connection goes down
Enterprise grade Universal Threat Management appliances and subscriptions, with websites behind a proxy
All HTTPS traffic (4096 bit SSL)
Hardened Linux servers dedicated to web hosting
An array of UPS equipment
Multiple layers of hardware and software security, as well as physical security (video, environmental sensors for example)
Encrypted off-site backups on almost everything
My data center is almost fully automated with advanced scripting, and I receive notifications to my portable devices whenever something isn't operating the way it should be.
My recommendations for in-house hosting of your websites are:
Get a static IP address (you will need at least 1)
Make sure the disks on your webserver are RAID (at least RAID 1), or better yet use fast network disks (like an iSCSI LUN capable NAS) with dedicated connectivity to your server
Setup a DMZ and keep your internet facing traffic separate from your LAN
Get a decent upload connection (go for the most you can afford or get access to)
Use dedicated hardware for security (even if you opt for a free firewall OS like pfSense). I use rack mounted Sophos equipment
Connect your network equipment and webserver to a UPS. This would include your internet modem/gateway, switches and server(s). Use software to detect a power outage and have your servers gracefully shutdown (and come back) with power problems
If you can afford it, rent an offsite VPS (virtual private server) or dedicated server and run a script to keep this server identical to your primary machine. This will be your backup server should the primary become unserviceable or unreachable. I use DNS Made Easy for both DNS and IP Failover Services
Always use HTTPS. SSL certificates are cheap these days, improve security and can even improve your Google search results
Keep your server software up-to-date with the latest security patches
Harden your webserver and limit access
Keep your server in a location which makes the most sense to your environment and budget
Monitor your websites from outside your local network (there are plenty of free services which will do this like uptimerobot.com)
Sure, it may often be cheaper (and a lot simpler) to have your websites hosted, but what would be the fun or challenge in that!