Choosing a WordPress Hosting Provider - The Ultimate Guide

Understand the key factors to consider when selecting a WordPress hosting provider, from performance and security to support and scalability.

Last Updated: 13th of Jul 2024
Choosing a WordPress Hosting Provider - The Ultimate Guide

Introduction

Welcome to this in-depth guide on selecting the right WordPress hosting provider. Drawing from years of experience working with various clients and evaluating numerous hosting options, I’ve compiled this resource to help you navigate the complex world of WordPress hosting.

Key points about this guide:

  • Use the Table of Contents to navigate. This guide is comprehensive, so focus on the sections most relevant to your needs.
  • Each section is designed to stand alone, allowing you to quickly find the information you need without reading the entire guide.
  • The things I’m pointing out are based on real-world experiences with multiple hosting providers over the years.
  • Your specific needs, budget, technical skills, and growth plans all play a role in determining the best hosting fit for you.
  • If you’re looking for a reliable hosting solution, consider my own hosting service provided with my partner Positive Internet, which I’ll discuss at the end of this guide.

Now, let’s dive into the world of WordPress hosting. Use the Table of Contents to jump to the sections that interest you most.

Frequently Asked Questions about Hosting

What is website hosting?

Website hosting is a service that stores your website files and databases, making them accessible online. Think of like renting space on a powerful computer that’s connected to the Internet.

Technically, any computer can be used to host a website, but in order to do it properly, i.e. securely with reliability, scalability & performance in mind, it’s best to work with an experienced WordPress hosting provider.

What is a domain name?

Your domain name is your website’s address, e.g. wildpress.co. Instead of you having to memorise a set of numbers (which computers use to find websites), you just need to remember the domain name. Think of it like your phone’s contact list, with names and numbers.

You can purchase a domain name from a domain name registrar for a small annual fee.

Once you own the domain name, you need to make sure you renew the registration annually for a small fee, otherwise the domain name will be made available to the public for purchase.

Why do you need both a domain name and hosting?

  • Your domain name makes it easy for people find your website, without it people would need to memorise a complex number (akin to memorising a telephone number) to find your website.
  • Your hosting provider makes your website available to the public, without it your website won’t be online for people to visit.

Without both, your customers won’t be able to find your website. Imagine having a bricks-and-mortar business, but without a physical store or an address for people to find you.

What’s the difference between managed and managed hosting?

Managed hosting offers a hands-off experience with automatic WordPress updates, security measures, and specialized support, but at a higher cost. It’s ideal for those focusing on content rather than technical management.

Unmanaged hosting provides full server control and is less expensive, but requires technical expertise to handle all aspects of server and site maintenance. Your choice depends on your skills, time, budget, and specific needs.

What Factors to Consider When Choosing a Hosting Provider

Customer Support

Evaluate the hosting provider’s support offerings, including the availability of expert WordPress support, response times, and communication channels (e.g., live chat, phone, email).

It’s incredibly frustrating dealing with an AI chatbot or first-level support person who doesn’t have in-depth knowledge of WordPress. You can find yourself going back-and-forth trying to debug an issue for days, which a WordPress expert would be able to resolve in minutes.

WordPress Expertise

Look for hosting providers that offer support, optimizations, and features specifically for WordPress, such as caching, SSL certificate management, and WordPress-specific security measures.

Pricing

The requirements to host a modern WordPress website are relatively minimal. The most basic requirements are a computer running a web server, PHP, and a database. The most popular “stack” is LAMP (Linux, Apache, MySQL, and PHP).

You can get away with purchasing a cheap hosting package, or rolling your own, but if you’re serious about scaling your website for growth and have little technical expertise, it’s better to choose a more expensive managed hosting plan.

Key differentiators for premium WordPress hosting providers include optimized performance, enhanced security measures, expert WordPress-specific support, automated backups and updates, staging environments, scalability options, and often bundled premium plugin licenses.

The high-performance managed hosting packages start from around $25 USD per month.

Performance

Performance is crucial for user experience, search engine rankings, and overall website success. When choosing a WordPress hosting provider, ensure they use high-performance infrastructure and optimizations:

  • Storage Technology:
    • Fast SSDs (Solid State Drives) for improved read/write speeds
    • Sufficient storage capacity to accommodate your site’s growth. I generally go for 50Gb per site as standard.
  • Memory (RAM):
    • Ample RAM to handle concurrent connections and database operations
    • Look for hosts that offer easy RAM upgrades as your site grows
  • Optimized Server Configurations:
    • Servers fine-tuned for WordPress performance
    • Latest versions of PHP, MySQL, and web server software (e.g., Nginx or Apache)
  • Caching Solutions:
    • Server-level caching to reduce load on expensive queries
    • Object caching (e.g., Redis or Memcached) for faster database operations
    • Page caching to serve static content quickly, e.g. Varnish
  • Content Delivery Network (CDN):
    • Integrated CDN services to ensure fast loading times globally
    • Easy configuration and management of CDN settings
  • Database Optimization:
    • Regular database maintenance (e.g., optimization, repair)
    • Support for database replication for read-heavy sites
  • Network Infrastructure:
    • High-bandwidth connections to handle traffic spikes
    • Low-latency network for faster data transmission
  • Load Balancing:
    • Distributed server architecture to handle high traffic loads
    • Automatic scaling during traffic surges
  • Server Location Options:
    • Multiple data center locations to choose from
    • Ability to select a server closest to your primary audience
  • Performance Monitoring Tools:
    • Real-time performance metrics and analytics
    • Tools to identify and resolve performance bottlenecks
  • Image Optimization:
    • Built-in tools or plugins for automatic image compression
    • Support for modern image formats like WebP
  • HTTP/2 and HTTP/3 Support:
    • Implementation of latest HTTP protocols for faster content delivery

By prioritizing these performance factors, you can ensure that your WordPress site loads quickly and efficiently, providing a superior user experience and potentially improving your search engine rankings.

I recommend asking potential hosting providers about their specific performance optimizations and consider running performance tests on demo sites before making your final decision.

Security

Security is paramount when hosting a WordPress website. Dealing with a website breach or a defacement can be very costly, both financially and from a trust perspective.

Verify that the hosting provider implements robust security measures to protect your website from potential threats. Key security features to look for include:

  • Firewalls:
    • Web Application Firewall (WAF) to protect against common web attacks. I like to use Wordfence.
    • Network firewall to filter malicious traffic
    • Customizable firewall rules for specific security needs
  • Intrusion Detection and Prevention:
    • Real-time monitoring for suspicious activities
    • Automated blocking of malicious IP addresses
    • Regular security audits and penetration testing
  • Regular Security Updates:
    • Automatic updates for server software and OS
    • Proactive patching of known vulnerabilities
    • Managed WordPress core, theme, and plugin updates. Usually this isn’t something that hosting providers offer (outside of automatic updates). A Care Plan will cover this though.
  • Malware Scanning and Removal:
    • Regular malware scans of website files
    • Automated malware removal tools
    • Quarantine system for infected files
  • SSL/TLS Certificates:
    • Free SSL certificates (e.g., Let’s Encrypt)
    • Easy installation and renewal process
    • Support for wildcard and EV certificates
  • DDoS Protection:
    • Mitigation systems to handle Distributed Denial of Service attacks
    • Traffic analysis to distinguish between legitimate users and attackers
  • Access Control:
    • Two-factor authentication (2FA) for hosting account. I recommend 2FA for your WordPress admin dashboard as well. I use Wordfence for this.
    • IP restrictions for WordPress admin area
    • Strong password enforcement
  • File Integrity Monitoring:
    • Continuous monitoring of core WordPress files
    • Alerts for unauthorized file modifications
  • Database Security:
    • Regular security audits of database
    • Protection against SQL injection attacks
  • SFTP/SSH Access:
    • Secure file transfer protocols
    • SSH access for advanced users with proper key management, Ideally, no password-based authentication.
  • Privacy and Compliance:
    • GDPR compliance features
    • Data encryption at rest and in transit
    • Transparent data handling policies
  • Security Headers Implementation:
    • Proper configuration of HTTP security headers
    • Content Security Policy (CSP) support
    • Cross-Origin Resource Sharing (CORS) configuration
    • Implementation of other crucial headers like X-Frame-Options, X-XSS-Protection, and Referrer-Policy
  • Isolated Environments:
    • Account separation to prevent cross-site contamination
    • Container or virtual machine isolation for enhanced security

By choosing a hosting provider with comprehensive security measures, you significantly reduce the risk of successful attacks, data breaches, and downtime due to security issues.

Remember to also maintain good security practices on your end, such as using strong passwords, two-factor authentication, keeping plugins updated, and limiting admin access.

Regular security audits and staying informed about the latest WordPress security best practices will further enhance your website’s protection.

Premium Add-ons

Specialist WordPress hosting providers will often partner with 3rd-party plugin developers to offer you bundles that you would normally need to pay a yearly license for.

For example, a caching plugin may be included as part of your package. The plugin will be optimised to work with the hosting provider’s systems, giving you the best performance you can expect out-of-the-box.

Other plugins may include free page builder tools, or security tools to help prevent bots and malware from scanning and hijacking your site.

Backups and Disaster Recovery

Confirm that the hosting provider performs regular backups and has a robust disaster recovery plan in place.

This is crucial for any website, regardless of the hosting type, to ensure quick restoration in case of an incident. Key aspects to consider include:

  • Backup Frequency:
    • Daily automated backups at minimum
    • Option for more frequent backups (e.g., hourly) for high-traffic or frequently updated sites
  • Backup Comprehensiveness:
    • Full backups including all files, databases, and configurations
    • Separate backups for files and databases for more granular restoration options
  • Retention Policy:
    • Multiple backup versions retained (e.g., last 30 days)
    • Option for longer retention periods for critical data
  • Storage Location:
    • Off-site backup storage for added security
    • Geographically diverse backup locations to mitigate regional disasters
  • Backup Security:
    • Encrypted backups to protect sensitive data
    • Secure transmission of backups to storage locations
  • Restoration Process:
    • One-click restore options for ease of use
    • Ability to restore to a specific point in time
    • Option to restore to a staging environment for testing
  • Backup Testing:
    • Regular tests of backup integrity
    • Periodic restoration drills to ensure recoverability
  • User Access to Backups:
    • Ability for users to initiate manual backups
    • Option to download backups for local storage
  • Disaster Recovery Plan:
    • Documented procedures for various disaster scenarios
    • Clear communication channels during recovery processes
    • Regular updates and testing of the disaster recovery plan
  • Recovery Time Objective (RTO) and Recovery Point Objective (RPO):
    • Clearly defined RTO (how quickly the site can be restored)
    • Clearly defined RPO (maximum acceptable data loss in case of an incident)
  • Scalability of Backup Systems:
    • Ability to handle growing backup sizes as your site expands
    • No significant performance impact on live site during backup processes
  • Compliance and Reporting:
    • Backup systems that meet relevant compliance requirements (e.g., GDPR, HIPAA)
    • Detailed logs and reports of backup and restoration activities

Remember, while hosting providers offer backup services, it’s always a good practice to maintain your own additional backups. This multi-layered approach ensures maximum protection for your valuable website data and quick recovery in case of unforeseen events.

Resource Allocation and Limitations

When choosing a WordPress hosting provider, it’s crucial to consider the resources allocated to your site and any potential limitations. These factors can significantly impact your website’s performance, scalability, and overall cost-effectiveness. Key aspects to consider include:

  • Pricing Structure:
    • Clear breakdown of costs for different plans
    • Transparent pricing for renewals and upgrades
    • Any hidden fees or charges for additional services
  • Storage Space:
    • Amount of SSD storage provided
    • Scalability options for increasing storage
    • Policies on storage usage (e.g., what counts towards your limit)
  • Bandwidth Limits:
    • Monthly data transfer allowance
    • Overage charges or policies if limits are exceeded
    • Unmetered vs. unlimited bandwidth (understand the difference).
  • CPU and RAM Allocation:
    • CPU cores and RAM allocated to your hosting account
    • Burst capacity for handling traffic spikes
    • Upgrade options for more intensive resource needs
  • Email Hosting:
    • Number of email accounts included
    • Storage space for each email account
    • Webmail access and mobile sync options
    • Spam filtering and virus protection features
    • Outgoing SMTP server capabilities
  • Domain Management:
    • Free domain registration with hosting (if offered)
    • Domain renewal fees
    • Support for managing multiple domains
    • DNS management tools
  • Database Limitations:
    • Number of MySQL databases allowed
    • Size limits on databases
    • Support for other database types (e.g., MariaDB, PostgreSQL)
  • Inodes Limit:
    • Maximum number of files and folders allowed
    • Impact on ability to install plugins, themes, and upload media
  • Concurrent Connections:
    • Limits on simultaneous connections to your site
    • How this affects high-traffic periods or bot activity
  • Backup Storage:
    • Whether backups count towards your storage limit
    • Retention period for hosted backups
  • CDN Usage:
    • Integration with Content Delivery Networks
    • Any bandwidth or storage limitations for CDN usage
  • SSL Certificates:
    • Inclusion of free SSL certificates
    • Charges for premium SSL options
  • Add-on Services:
    • Costs for additional services like security scans, performance optimizations
    • Managed services fees (if applicable)
  • Scalability:
    • Ease of upgrading or downgrading plans
    • Costs associated with scaling resources
  • Fair Usage Policies:
    • Any restrictions on resource usage, even on “unlimited” plans
    • Policies on CPU usage, script execution time, etc.

When evaluating these factors, consider not just your current needs but also your anticipated growth. A plan that seems sufficient now might become restrictive as your site grows.

Always read the fine print and don’t hesitate to ask the hosting provider for clarification on any limitations or restrictions.

Remember, the cheapest option isn’t always the most cost-effective in the long run if it restricts your site’s potential for growth and performance.

Uptime & Reliability

The reliability of your WordPress hosting is crucial for maintaining a consistently accessible website. When evaluating a hosting provider, consider the following aspects of uptime and reliability:

  • Service Level Agreement (SLA):
    • Check for a clearly defined uptime guarantee (e.g., 99.9%, 99.99%)
    • Understand how uptime is calculated (e.g., monthly, annually)
    • Review compensation policies for failing to meet the guaranteed uptime
  • Historical Performance:
    • Research the provider’s track record of reliability
    • Look for third-party uptime monitoring reports
    • Check user reviews and testimonials regarding reliability
  • Network Infrastructure:
    • Multiple data centers in different geographic locations
    • Redundant network connections and power supplies
  • Monitoring and Support:
    • 24/7 server monitoring for quick issue detection
    • Rapid response times for critical issues
  • Maintenance Windows:
    • Scheduled maintenance during off-peak hours
    • Clear communication about planned downtime
  • Transparency:
    • Public status page showing real-time and historical uptime data
    • Clear communication about any incidents or outages
  • Uptime Monitoring Tools:
    • Provision of tools for customers to monitor their own site’s uptime
    • Integration with third-party uptime monitoring services

Remember, while a 100% uptime guarantee might sound attractive, it’s generally unrealistic due to necessary maintenance and unforeseen issues. Look for providers that offer transparent, realistic uptime guarantees backed by a solid infrastructure and support system.

When reviewing the SLA, pay attention to how “uptime” is defined, what constitutes “downtime,” and what compensation (if any) is offered for failing to meet the guaranteed uptime. Some providers might exclude certain types of outages from their uptime calculations.

Control Panel and User Interface

The control panel is your primary tool for managing your WordPress hosting. A user-friendly and feature-rich interface is crucial for efficient site management. Consider the following aspects:

  • Ease of Use:
    • Intuitive navigation and clear layout
    • User-friendly design for users with varying technical expertise
  • Essential Functions:
    • Backup creation and restoration
    • Environment management (production, staging, development)
    • Data migration between environments
    • Software package and configuration management
  • Site Statistics:
    • Easy access to key performance metrics
    • Insights into site usage and visitor data
  • Log Management:
    • Access to error logs and server access logs
    • Resource usage metrics (disk space, network traffic, etc.)
  • Team Collaboration:
    • Ability to add team members with different permission levels
    • Avoid account sharing or overly permissive access
  • Security Features:
    • Two-factor authentication (2FA) support
    • Other built-in security enhancements. Strong password requirements, public key management, etc.
  • Multi-Site Management:
    • Single dashboard for managing multiple WordPress sites
    • Easy switching between different websites
  • Developer Tools:
    • SFTP and SSH access
    • Public key-based authentication support
    • Account and key management for each site
  • Customer Support Access:
    • Direct access to human support when needed
    • Support staff knowledgeable in hosting systems and WordPress
  • User Interface Customization:
    • Options to personalize the dashboard layout
    • Ability to set preferred views or shortcuts
  • Mobile Compatibility:
    • Responsive design for management on mobile devices
    • Mobile app availability for on-the-go site management
  • Integration Capabilities:
    • Support for popular third-party tools and services
    • API access for custom integrations
  • Update Management:
    • Easy WordPress core, plugin, and theme updates
    • Options for scheduling or automating updates
  • Performance Monitoring:
    • Real-time server resource usage displays
    • Alerts for unusual activity or resource spikes

When evaluating a hosting provider’s control panel, consider testing it through a demo or trial period if available. This hands-on experience can give you a better feel for the interface and help you determine if it meets your specific needs and preferences.

Developer Friendliness

For developers working on WordPress sites, certain features and tools can significantly enhance productivity and workflow efficiency. Consider the following aspects when evaluating a hosting provider’s developer-friendliness:

  • Command Line Access:
    • SSH (Secure Shell) access to the server
    • Support for popular command-line tools (Git, Composer, WP-CLI, etc.)
  • Version Control Integration:
    • Git repository support
    • Easy deployment from Git repositories
    • Support for continuous integration/continuous deployment (CI/CD) pipelines
  • Staging Environments:
    • One-click staging site creation
    • Easy synchronization between live and staging sites
    • Ability to push staging to production
  • Database Management:
    • phpMyAdmin or alternative database administration tool
    • Direct MySQL/MariaDB access
    • Database backup and restore options
  • Customization Capabilities:
    • Ability to modify PHP versions and settings
    • Support for custom Nginx or Apache configurations
    • Access to server-side caching configurations
  • Development Tools:
    • Built-in or easy-to-install development tools (e.g., Xdebug)
    • Support for task runners and build tools (Gulp, Webpack, etc.)
    • Local development tools or integrations (e.g., Local by Flywheel)
  • API Access:
    • RESTful API for managing hosting account and sites
    • Webhooks for automating tasks and integrations
  • Performance Testing:
    • Built-in tools for load testing and performance profiling
    • Easy integration with external performance monitoring services
  • Multilingual Support:
    • Tools for managing multilingual WordPress sites
    • Support for internationalization and localization workflows
  • Collaboration Features:
    • Team member access controls and permissions
    • Collaborative coding environments or integrations
  • Scalability Options:
    • Easy resource scaling (CPU, RAM, storage)
    • Support for high-traffic configurations (load balancers, clusters)
  • Debugging and Logging:
    • Detailed error logs with easy access
    • Debug mode toggle for WordPress
    • Log retention and search capabilities
  • Security Tools for Developers:
    • Easy SSL certificate management (including wildcard SSL)
    • IP whitelisting for development access
    • Two-factor authentication for SFTP/SSH
  • Compatibility and Testing:
    • Multiple PHP version support for testing
    • Easy creation of temporary URLs for client previews
  • Documentation and Resources:
    • Comprehensive developer documentation
    • API references and code examples
    • Community forums or knowledge bases for developers

When evaluating a hosting provider’s developer-friendliness, consider the specific tools and workflows you commonly use in your development process. A provider that aligns well with your preferred development practices can significantly enhance your productivity and the overall development experience.

Scalability

As your WordPress site grows, your hosting needs may change. A scalable hosting solution can accommodate this growth without requiring a complete migration. Consider these aspects of scalability when choosing a hosting provider:

  • Resource Scaling:
    • Easy upgrades for CPU, RAM, and storage
    • Option to scale resources up or down as needed
    • Automatic resource allocation during traffic spikes
  • Bandwidth Management:
    • Flexible bandwidth limits
    • Ability to handle sudden traffic surges
    • Clear policies on bandwidth overages
  • Vertical Scaling:
    • Seamless upgrades to higher-tier plans
    • Minimal downtime during plan changes
    • Clear upgrade paths and pricing
  • Horizontal Scaling:
    • Support for load-balanced environments
    • Options for adding multiple servers or nodes
    • Database replication and clustering capabilities
  • Database Scalability:
    • Support for database optimization as site grows
    • Options for dedicated database servers
    • Database caching mechanisms
  • Containerization and Microservices:
    • Support for containerized environments (e.g., Docker)
    • Ability to scale individual services independently
  • Elastic Storage:
    • Expandable storage options
    • Support for external block storage solutions (e.g., Amazon S3, DigitalOcean Volumes)
  • Cost Management:
    • Clear pricing for scaled resources
    • Tools to monitor and optimize resource usage
    • Flexible billing options for variable resource needs

Migration Assistance

Some managed hosting providers offer free website migration services or tools, which can be helpful when switching from another hosting provider.

Automated migrations aren’t super complicated, but some issues can arise during a migration. Websites with large disk space requirements, millions of database rows, custom dependencies, legacy PHP support, or legacy plugins, sometimes need a helping hand and a bit of manual intervention from a WordPress developer.

Interoperability With Other Software Packages

I don’t want to go into too much detail with this point, but I think it’s an added bonus if you can find a managed hosting provider that offers support for services that you would often find alongside a WordPress website.

For instance, being able to run a Laravel application, a Discourse forum, or a Node.js server alongside your WordPress site. If these apps are supported and their underlying dependencies are kept up-to-date and secure, it makes things a lot easier for you to manage, as you aren’t switching between providers for each service.

A few unmanaged hosting providers, like DigitalOcean or Hetzner, allow you to run any software you like, but you are responsible for keeping the servers and applications operational and up-to-date. If you have an IT team supporting you, this can be a good option.

What Types of WordPress Hosting Are There?

The performance, security, and user experience of your WordPress site heavily depend on the quality of the hosting infrastructure it runs on.

When you are looking for a hosting provider, there are two options, managed and unmanaged. You can also self-host, but I won’t cover that here.

Unmanaged Hosting

Unmanaged hosting is usually cheaper - a hosting provider gives you a server and lets you do whatever you want, but you need to set it up yourself.

This option is great for experienced IT people who are comfortable managing servers and have the time to do so.

With unmanaged hosting, you are responsible for:

  • Installing and configuring the operating system
  • Setting up the web server (e.g., Apache or Nginx)
  • Configuring the database (e.g., MySQL or MariaDB)
  • Installing and configuring WordPress
  • Implementing security measures, such as firewalls and SSL certificates
  • Monitoring server performance and troubleshooting issues
  • Performing regular backups and updates

While unmanaged hosting provides more control and flexibility, it also requires more technical expertise and time investment.

Managed Hosting

Managed hosting can be quite pricey, depending on the level of service and the specific features included. However, it offers a more hands-off approach to hosting, as the provider takes care of many aspects of server management for you.

Managed hosting providers typically offer:

  • Server setup and configuration
  • WordPress installation and optimization
  • Automatic updates for WordPress core, plugins, and themes
  • Regular backups and easy restore options
  • Enhanced security features, such as firewalls, malware scanning, and intrusion detection
  • Performance optimization, such as caching and content delivery networks (CDNs)
  • Expert support and troubleshooting
  • Website migrations to their platform

Managed hosting is ideal for those who want to focus on their website and business, rather than worrying about the technical aspects of server management. It can save time and provide peace of mind, knowing that experts are taking care of the hosting infrastructure.

By carefully considering your hosting options and selecting a provider that meets your needs, you can ensure that your WordPress site has a solid foundation for performance, security, and reliability.

My Personal WordPress Hosting Provider Recommendations

In my experience as a freelance WordPress developer, I have worked with a wide array of hosting providers, including Cloudways, WP Engine, Siteground, IONOS, GoDaddy, and many others.

However, I have found a particularly strong partnership with The Positive Internet Company, a boutique WordPress hosting provider based in Carnaby Street, London.

Why choose Positive Internet?

Positive Internet owns and operates their own 100% green energy data centers, which aligns with my values of sustainability and reducing the environmental impact of web hosting.

They have been providing top-notch hosting services since 1998 and have a deep understanding of the Linux and WordPress ecosystem.

Some key advantages of partnering with Positive Internet include:

  • Fully managed WordPress hosting with expert support from their small, highly skilled technical team.
  • High-performance infrastructure optimized for WordPress.
  • Robust security measures and regular backups.
  • 100% green energy data centres at their Positive Park location.
  • UK-based support team.
  • Scalable solutions to accommodate growth.

While every project has unique requirements, I have found Positive Internet to be an excellent choice for many of my clients, delivering fast, secure, and reliable WordPress hosting.

If you decide to partner with me, either for your next website build or as part of a Care Plan, I would highly recommend choosing a hosting package with Positive Internet. Book an intro call and we can discuss.