Great advice as usual from Mary and Richard
Shared hosting brings with it a particular set of problems when running any web app, not just Moodle, that has to handle large numbers of user accounts. I've found that I need to "beef up" server specs and increase script time limits and memory limits quite substantially with sites that have more than 10,000 registered users, even if those accounts are dormant. These kinds of settings are often set on the shared server and cannot be changed for individual shared hosting accounts. If you ask for them to be increased, they'll usually try to "upsell" you to a VPS or dedicated server account. Either way, if your Moodle database gets jammed up and unresponsive with spam posts in the forums and/or overwhelmed with bot-accounts, there isn't much you can do to rescue it unless you have sysAdmin type access to the server, which doesn't come with shared hosting accounts as far as I know.
If you absolutely have no other option than shared hosting, then keep regular backups of everything and run them manually in Moodle with maintenance mode on (to avoid disclosing sensitive server info) and error reporting on to make sure that the backups complete successfully; without error messaging on they can fail silently and you'd have no idea until you tried to restore the backed-up package.
Also, in my experience, even quite highly rated managed hosting services aren't very helpful or knowledgeable when your site has security issues. In my opinion, it's better to have a self-managed server and to get someone who knows what they're doing to help you out when you need it, e.g. hire a reputable sysAdmin, but then I'm happy to do much of the day-to-day server maintenance myself, e.g. installing updates, checking logs, and using 3rd party web services to check for malware, links to phishing sites, and unusual activity.
BTW, VPS/cloud hosting services are getting better and easier to manage month by month. It's worth looking around from time to time to see how much things have improved and whether it's become a viable option for you yet.