Our new and affordable Managed WordPress Hosting platform is the culmination of all we have learned in the past 17 years. It’s a platform that makes Managed WordPress Hosting accessible to everyone. It’s essentially a bridge between standard shared hosting and VPS hosting and solves all the problems with both these types of hosting. After 17 years and tens of thousands of support tickets we understand what clients really want and expect from a reliable hosting platform. We have taken that knowledge and combined it with our deep understanding of hosting technologies and built something we truly believe in.
This article delves into what we have learned, how our platform works, who it is for and the problems it solves.
The Problem With Shared Hosting
If you sell hosting for $3/mo you need to put a lot of sites on a server to make it profitable. The server has hardware costs, software costs and hosting company staff need to be paid. Shared hosting has come a long way in the last decade and a half but it still has many weaknesses. With 500-1000 sites per server stability problems are just inevitable. Server technicians have to continually tweak server software configurations to maintain stability. Solutions can take time to be found and implemented during which times sites can be negatively impacted.
Shared hosting has strict resources limits per domain to help main a stable environment. If a domain experiences an increase in traffic this can spike CPU, memory, I/O (and more) causing a domain to hit its limits and shutting it down. And this traffic might not even be legitimate. Domains can experience traffic spikes due to all types of bots – malware and scrapers being but a few – and standard ModSec rulesets cannot hope to filter any purposeful percentage of them. Traffic surges due to bot traffic is one of biggest headaches web hosts and website owners face today.
It’s not just bots that can cause resource related problems. Many scripts and plugins are poorly coded and can cause intensive resource usage when ran – yet they can be integral to the function of a website. A web host will normally encourage the owner of such a domain to upgrade to a VPS that might be expensive or present a level of technical awareness or ability that the website owner is unprepared for.
Another issue on shared hosting is the level of spam both hitting the server and emanating from the server. Standard tools like the traditional SpamAssassin are often not enough to cope with the deluge of spam a domain may receive. And those 500 sites might have 10,000 mailboxes, all sending mail from the same IP. Mailboxes are often easily hacked with simple brute force tools. That test mailbox someone set up called “test” with password “qwerty123” can be hacked in less than a minute with simple malware loaded with a “dictionary attack” list of common words. Spam can be sent from hacked PHP scripts via PHP’s mail() function and most servers also run sendmail that hacked scripts can access. This results in IP blacklisting and frustrated clients unable to send mail to some providers.
The Problem With VPS Hosting
VPS Hosting comes in a variety of flavors. The unmanaged or semi-managed flavors can lack functionality and require technical knowledge of Linux. Fully managed VPS hosting takes away all that pain and provides a fully featured suite of services but can be expensive. But expensive is a relative term that depends on the worth of your site’s stability, speed and uptime.
Unmanaged VPS Hosting – A low-powered unmanaged VPS can be had for just a few dollars. A hosts provides the VPS and ensures its uptime. Apart from that the VPS owner is on their own. It is up to the VPS owner to harden, secure and optimize the VPS. Additional tools may have to be purchased to help manage the server (like a control panel). The VPS owner has to have systems in place to monitor the VPS’s services and troubleshoot any problems that may arise. Even with some great tools that are available these days an unmanaged VPS requires some knowledge of Linux, SSH commands (CLI), Apache, MySQL, DNS and email systems like Postfix. All these services also have to be kept up to date with a knowledge of certain dependencies. Definitely not a solution for your average website owner.
Semi-managed VPS Hosting – More expensive than an unmanaged VPS but not as expensive as fully managed. A host will provide a VPS and some tools with which it can be managed and maybe updated. The tools will provide an interface to add domains and manage basic functions. Email may or may not be included. They will not secure or optimize your VPS or troubleshoot issues like “Why is my website slow?” or “Why is my email bouncing?”. Some knowledge of Linux is required to properly secure the VPS and optimize it to maximize its performance. A good solution for someone that is willing to get their hands dirty and learn Linux on the fly.
Fully Managed VPS Hosting – A VPS with all the bells and whistles. This solution is for website owners that want stability, speed and great uptime and are prepared to pay extra for it. The host will monitor all services and fix things proactively if they break or fail. The VPS will be secured, hardened and optimized for maximum performance. The host will treat the VPS like one of their own shared hosting servers and help the VPS owner with any issue related to their hosting. This level of support and service is of course going to cost more than a semi-managed server. The price can present a serious barrier to entry for many website owners.
At HostNexus we recently revamped our fully managed VPS servers. We used to offer low-powered 1gb memory VPSes but such a VPS is limited in what it can do. Our entry level VPS now has more than adequate resources to power a demanding website with a good amount of traffic. This change reflects our new ethos which is total satisfaction at even the entry level. Hosts that provide “total satisfaction” guarantees on shared hosting with low resources or under-powered VPSes are deluding themselves. Is your client going to be totally satisfied when their site hits a limit and goes down? I don’t think so. Is your client going to be satisfied when they sign up for a 1gb fully managed VPS server and their site is horribly slow? Many will not understand that 1gb is not enough to power a site let alone a VPS. They just know they paid extra for a premium service and their site still under-performs. In fact it may be slower than when it was on shared hosting!
The Problem With Current Managed WordPress Hosting
There a lot of managed WordPress hosting companies out there. They generally fall into 3 categories:
In category 1 we have hosts that are super expensive and targeting bigger brands and websites generating large amounts of traffic and revenue. They cost more than a fully managed VPS server and don’t fall into the budget of someone with a WordPress site who just wants excellent uptime, security and speed.
In category 2 are a few managed WordPress hosts with plans on the reasonable size that are specialized in WordPress only. They do not offer any email services at all. Transactional mail has to be outsourced to a service like SendGrid. Normal email outsourced to G Suite, Rackspace, or other provider. While these are great solutions it will add to a client’s hosting costs. These hosts will also not allow any other programs on their servers. If you run another system, like a client support or management CRM for example, you need to host them separately.
In category 3 we find all the hosts that have simply re-branded their shared hosting to WordPress Hosting because they simply offer a 1-Click WordPress installer. Their WordPress plans are likely to be exactly the same as their shared hosting plans – same amount of disk space, same amount of resources. They don’t offer any additional security and their WordPress tools lack critical features like staging and sync.
Our Solution: Addressing What Clients Need
There is a real need in the market for affordable managed WordPress hosting that provides the proper amount of resources to run a website with decent traffic, has PHP optimized to use this resource pool, allows non-WordPress programs, filters bot traffic and provides a bullet-proof, spam-free email service with guaranteed email reputation. It also needs to be on a platform that does not require technical server administration skills and is cheap enough to be accessible to anyone. We believe we have engineered such a platform.
Optimizing for traffic spikes
Domains on our platform are placed in a container with a resource pool that allows for speed and surges in traffic. The resource pool is supplemented with native Nginx and Redis caching. Without proper caching a website cannot hope to perform well under load even with well configured resources. This is our default container:
- 3gb total memory
- 3 CPUs
- PHP memory_limit: 256mb
- PHP post_max_size: 128mb
- PHP upload_max_filesize: 96mb
- FPM: pm (ondemand – scalable processes)
- FPM: pm.max_requests: 200 (info)
- FPM: pm.max_children: 25 (info)
The above PHP FPM settings are optimized for high traffic spikes and can support thousands of concurrent users. The values are worked out with a simple equation:
pm.max_children = container available memory / average WordPress process size
As no two WordPress instances are the same these values can be tweaked on a case-by-case basis to maximum performance. A 3gb memory container with optimized PHP FPM for $15/mo is incredible value. If your WordPress instance requires more than 3gb memory it needs to be on a managed cloud VPS. I hope you’ll agree that this is just common sense.
We load tested our configuration with Loader.io. The test parameters were 1 to 1000 clients per second over one minute and you can view the report here. 60,000 requests were sent to the server in that minute, all loading a WordPress page with demo content. As you can see that generated over 3gb bandwidth in that one minute and resulted in ZERO errors or timeouts. That is the power of a 3gb container with well configured PHP and of course some stellar caching in Nginx and Redis.
Nginx and Redis Caching
No Managed WordPress solution is complete with a solid built-in caching layer. Our servers are powered by Nginx and come with full Nginx caching via Nginx’s proxy_cache (or fastcgi_cache if you run under pure Nginx). Nginx caching is activated by default on all accounts and generally it works out of the box. If your WordPress site sets lots of cookies you might find you need to add these cookies in Plesk’s Apache & Nginx Settings page. We have a detailed tutorial on configuring Nginx here. To find the cookies your WordPress site sets you just need to load your browser in its “private” mode. In Chrome this is called Incognito Mode. Right click anywhere on the page and select “Inspect” and go to the Network tab and reload the page. Then click on the top entry and go to the Cookies tab.
Copy the cookie names into the Cache requests with cookies box in Plesk and that’s it.
We also provide a secondary caching layer with Redis on our affordable managed WordPress Hosting plans. We install a unique Redis Page Cache plugin with WordPress that also works out of the box. You can think of this as a backup cache as Nginx should do all the heavy lifting. You may find instances where the Nginx cache misses, in which case Redis will take up the slack. Like Nginx Redis caching can be improved by adding cookie exceptions. Our tutorial also explains how you can do that. With Redis working in the background clients can also opt to use the excellent Redis Object Cache plugin available in the WordPress plugin repository.
Low Density Servers
Rounding off the performance aspect of our Managed WordPress solution is our strict Low Density policy. This addresses the problem of overcrowding on shared hosting servers. After all, what are high resource limits if hundreds or thousands of domains are battling each other for those resources? We solve this by capping servers off at just 50 domains (Plesk subscriptions). Obviously some overselling is in play here to make the platform profitable but at 50 domains per server this is kept to a minimum. Servers are provisioned with 75gb Memory as the 3gb limit we place on domains is there for traffic spikes. On average a well optimized WordPress site is going to use less than 1gb. So there is always a memory buffer available to handle these surges in traffic. The same goes for CPU. A well optimized WordPress site will normally use a fraction of a CPU and we provision servers with 32 of them. If we see servers maxing out on resources we can easily scale up the CPU and Memory on the fly.
Security and Bot Filtering
Most Managed WordPress providers will have some decent WAF rules to keep out some bots. Usually this will be some simple ModSecurity rules to keep bots from hammering wp-login.php and to stop XML-RPC abuse. For more comprehensive security clients are expected to install a plugin such as WordFence or iThemes Security. These solutions do obviously work but they are also blocking bots at your application layer. A lot of bot traffic means these programs have to work hard to block them and this requires precious CPU and memory. A client will often hit a host’s resource limits running these programs. There are professional services like Sucuri that will block bots in their application layer which offloads the resource usage onto their services. But these services cost a premium. This is another problem that our affordable managed WordPress hosting platform addresses.
Imunify360 and Enhanced ModSec Rulesets
We use a program called Imunify360 to combat the ever-growing problem of unwanted bot traffic. It’s a unique 6 Tier security stack that provides total defense against bots and malware. Its core firewall WAF integrates tightly with our Enhanced ModSecurity and uses an AI and herd immunity to protect all servers in its network. The AI is continually assessing new and possible threat vectors and once identified will distribute new rules to all servers. This means servers can be protected from attacks before they can even happen. An advanced Captcha system is in place to cut down on the amount of false positives and allow legitimate traffic to reach your website.
Imunify360’s second line of defense is its Intrusion Detection System. The IDS scans logs looking for the tell-tale signs of malware bots (such as password failures), issues “deny” rules and reports to the central AI.
The Imunify360 system comes with its own sensitive malware scanner. Any new files on a server are automatically scanned and malware is quarantined and reported to your Dashboard. If malware does get through Imunify’s 4th line of defense deploys – Proactive Defense. It analyzes script behavior when it runs, shuts it down, and the malware scanner will then quarantine the file.
We have yet to see any sites on our affordable managed WordPress hosting platform successfully hacked. If that does happen Imunify’s 5th line of defense is to monitor blacklists. If your site gets listed you will be notified immediately and once reported to us we can clean your site free of charge.
Imnify360’s 6th level is a server level enhancement that improves security in the kernel layer. Security lists are monitored and if a new exploit is discovered the Imunify team prepares a patch and distributes it to all servers. The system can install a patched kernel without a reboot which is normally required. From top to bottom this is just an amazing system.
Non-WordPress Programs
Most Managed WordPress providers won’t allow any non-WordPress files in their system at all. At HostNexus we allow our clients to host pretty much anything. So if you run separate software for client support or management you can install it. We just encourage clients to install software from our included Application Vault installer. Applications installed from this system are always automatically upgraded when a new version is released. That is our only caveat. If you have custom software you are welcome to install it. We are confident that our Imunify360 system can handle any exploits that might appear in your code. Multiple occurrences of exploited code will need to be addressed however.
Spam-free Email and Mail IP Reputation
Another issue with any decent or affordable Managed WordPress Hosting solution is that they simply do not allow email in any shape or form. These providers will often talk about how hosting and email should be separated. While that does have merits this is just an excuse to cover the fact they do not allow email because their VPS infrastructure providers do not allow email. Having to use 2 separate services for email (transactional WordPress email and standard mailbox email) is just not acceptable for most people. And if a managed WordPress providers does offer email it is usually plagued with spam and blacklisting issues.
We are email experts. It’s been part and parcel of our offering since 2001 and there is nothing we haven’t seen. We also understand the weaknesses in standard shared hosting email solutions. So our email service on our Managed WordPress platform addresses all the problems we see clients deal with.
We use a commercial filtering system called SpamExperts. It filters 99.98% of spam before it reaches your inbox without any spam training needed. And yet you can still access quarantined spam if you really need to. New threats and spam attack vectors are continually assessed and identified across the whole SpamExperts network. Protection against new spam sources is in place before it has a chance to send to other servers in the SpamExperts network.
SpamExperts also monitors and filters outbound mail. If a mailbox is compromised and spam is sent it actually won’t even leave the server. This erases the problem of mail server IPs getting blacklisted resulting in bounced mail from all your favorite mail providers.
All Your Favorite Features
Our platform comes with all the features you’d expect from a top-tier provider. Our backup system is rock solid and integrated with the fantastic Plesk control panel that comes with all accounts. We keep 14 days worth of backups and data can be easily restored or downloaded by our clients. The backup program also includes a unique disaster recovery system where we can convert backups into templates and use it to quickly spin up a new server. What this means is that in the event of total server failure we can have a new server up and running within the hour instead of the hours or days it would usually take via the traditional bare metal restore (BMR) method.
We also offer hosting in five different locations – USA, UK, Netherlands, Singapore and Sydney, Australia. With Tokyo, Japan also available for Managed Cloud VPS clients.
We offer free CDN integration via Cloudflare and our clients get Cloudflare’s expensive Railgun feature for free.
Is Affordable Managed WordPress Hosting For Me?
That all depends on your site’s value to you. We’ve designed and priced the platform so it is accessible for everyone – from hobbyists to small businesses to entrepreneurs launching a new startup. If you are frustrated with your current host’s uptime, server stability or security we believe you’ll find our service a breath of fresh air. If you need reliable WordPress hosting with outstanding security, robust and spam-free email and support for non-WordPress programs we are here for you 24 hours of every day, 7 days a week, 365 days a year.
Get Started Today
10gb WordPress Instance, 3gb memory/3 CPU container, low density server, Imunify360 protection, SpamExperts inbound & outbound filtering from just $12.95/mo. Use coupon “ONEDOLLAR” to test drive the first month for just $1!