WordPress is now ancient in Internet years. It first came out in 2003: just 5 years after Google went online, and 2 years before MySpace got sold for $580 million. Despite this, it’s the world’s most popular publishing platform, with millions of posts published on WordPress installations each month. Virtually anyone who’s ever blogged knows about the platform. A large number of corporations, from HTC to MTV, use WordPress to host some or all of their online content. As a result, managed WordPress hosting options are growing in popularity.
The question is, which ones can be relied on in an age where security and privacy are increasingly important? In this article, we explore the answer by looking at 5 managed hosting providers based on overall quality, security, and privacy.
We also cover what privacy means as far as WordPress goes, what the 3 main hosting types are, and why regular hosting may not be enough to provide strong privacy for yourself and your users. For starters, let’s address an important question by explaining what privacy means as far as WordPress installations go.
What does privacy for WordPress mean, exactly?
“Privacy” is a blanket term that refers to all kinds of things. But what does it mean in terms of managed WordPress hosting? Let’s start by distinguishing between 3 kinds of entities: page visitors, you as the website owner or manager, and anyone who might be working on your website (e.g. writers, designers, etc).
For you as the website owner, WordPress privacy means keeping your personal data and unpublished content private. This means that information like your business address needs to be shielded. The same goes for the IP you use to log in, your login and password, etc. Moreover, strong privacy means that any data you haven’t published should be impossible to access. Identical rules apply to people working for you: their content and personal data ought to be protected.
Things are a little different from end users. With them, privacy can take on many forms. For starters, you want to make sure you can easily implement privacy settings that make you compliant with the EU’s GDPR and other international regulations. Second, you need to make sure that the cookies and tracking technologies deployed on your website are both legal and unobtrusive. Third, you need to protect your users’ data from leaks, theft, and loss.
All of this can be difficult to achieve with WordPress for several reasons. First, many hosting providers – both managed and shared – are all too happy to mine your data as well as your users’. This can mean that the people you trust to run your website may be harming your WordPress installation’s privacy. Second, many hosting providers are either weak or negligent on compliance and general privacy. This is problematic, especially if you do business in the EU, China, Japan, or other territories with stringent laws. Last but not least, WordPress is just an old platform. It’s now been online for over 15 years, and isn’t naturally equipped with modern security measures.
Fortunately, going with the right managed WordPress hosting provider can help you get top-level privacy features quickly and easily. Below, we’ll explain how – but first, let’s cover how managed hosting is different from the regular variety.
Broadly speaking, there are 3 ways to host a WordPress website. The first is to use your own physical server. This can be the cheapest option if you’re an experienced systems administrator or IT expert. Alternatively, you can simply rent a virtual or physical machine and access it online. Either way, self-hosting gives you the flexibility to make your site’s privacy as tough as you want. Although very few people can manage this kind of hosting effectively, especially while running a business, it’s a solid option if you have the money, knowledge, and experience to run your own servers.
Of course, most businesses don’t want to (or can’t) do the above. Instead, they go for managed or shared hosting. Shared hosting, also known as “regular hosting”, is when multiple websites use the same machine. This is what you get when you sign up with a service like GoDaddy, BlueHost, HostGator, etc. The benefit is that you can host a website for very little money. The problem is that you have to share a machine with a large number of other users. This means your resources are very limited (despite what hosting providers tell you). It also means that the problems affecting your neighbors can affect you, compromising your website’s privacy.
The third option is managed hosting: the main topic of this article. Managed hosting is basically paying a team of professionals to manage your own private server and WordPress installation(s). This kind of hosting is easy to scale, highly flexible, and significantly cheaper than getting your own server. It also has the potential to be strong on privacy, so long as you pick the right provider. The reason is that unlike the above 2 options, you can delegate all kinds of privacy-focused tasks and features to other people, accomplishing a lot more than you could alone. To understand why, read on to learn why the most popular kind of hosting – shared hosting – can be weak on privacy.
If you already have a website, it’s likely to be using shared hosting. This is the default kind of hosting, since most people don’t understand managed hosting well – and don’t have the know-how to self-host. Unfortunately, it’s notoriously weak on privacy for the following reasons.
- Weak privacy features. By default, shared hosting providers tend to give you little in the way of privacy and protection. For example, your average host will ask you to manually install an SSL certificate. If you can’t do so, your users will have to go without data encryption. Another example: shared hosting doesn’t come with anti-DDoS protection. This means your website can be broken, and your data stolen more easily.
- No manpower. The average shared hosting user pays a few dollars a month for service. This makes them a low-priority customer type, and severely limits the help you’re likely to get from a shared hosting provider. If you or your users’ privacy is compromised, you’re on your own.
- Shared resources. With a shared host, you’re using the same hardware as a bunch of other people and businesses. If someone gets a virus, or gets hacked, or something else, you’re under threat too. This may be the worst privacy risk with shared hosting, since you can end up falling victim to malware, criminal attacks, and more through no fault of your own.
- No automatic help. With a regular shared host, you’re not going to get automatic back-ups, website updates, or security patches. This means that unless you stay on top of all things privacy and security yourself, you can easily end up with a vulnerable website without even realizing it.
- Limited resources. Since you’re sharing a single machine with others, your setup is easier to crack and break into. For example, you might only get one permanent IP address which makes you easy to trace. It doesn’t help that you have less processing power so your server is easier for criminals to overwhelm.
With all of the above in mind, a good managed host is superior in virtually every way. Below, we’ll explain why this is and what you need to keep in mind when looking for a quality provider.
How managed hosting can help
A shared hosting provider’s goal is to make a profit by selling a single resource to a large number of people. Their goal isn’t to give you and your visitors the best service quality possible. In contrast, a managed hosting provider is focused on you. This starts with the fact that they give you a standalone server, whether real or virtual. In addition to this, a quality managed hosting provider will help you with the following.
- Resources reserved for you. With a managed provider, your resources are separate from everyone else’s. This means that malware and viruses can’t “migrate” through a server from another WordPress installation. It also means that if criminals attack you, you have a lot more processing power to withstand DDoS and other attacks.
- Qualified help. A quality managed hosting service will have specialists who understand how to protect your website should anything go wrong. These same specialists will help you install pre-emptive security features, help you comply with international laws, etc.
- SSL certificates. Virtually every respectable managed host will give you an SSL certificate, making sure all your users’ data is encrypted. They’ll also refresh these certificates as necessary, making sure there are no “gaps” during which your site is vulnerable.
- An extra pair of eyes. In addition to everything else we already covered, having someone else manage your WordPress means more people are paying attention to your site’s privacy. This is always a good thing, especially since your provider is likely to have highly qualified security specialists on their team.
- Security features. Having someone manage your hosts helps privacy in surprising ways. For example, most services give you a CDN servers that delivers static content even when your main server is offline. This lets you, for example, take your website offline to avoid privacy breaches. We’ll cover specific features like these over the course of this article.
Now that you know some of the main ways in which a hosting provider can improve privacy, let’s move on to discussing specific services.
Top managed services providers
Here, we present our top 5 recommended managed hosting services proven to put security first:
Not all the top managed hosting providers are strong on privacy. Fortunately, Presslabs is both powerful and secure. For starters, they give every single website you delegate to them an SSL certificate. The service they use for the purpose – Let’s Encrypt – is popular, well-established, and trusted online. If you have your own certificate, e.g. from a service like Namecheap, Presslabs will install that for you too. In terms of regulatory compliance, Presslabs, which is based in the EU, is familiar with international laws. They are happy to help clients comply with GDPR and other international laws. All of this is convenient, since it frees you up to manage your website without worrying about privacy and security.
In addition to the above, Presslabs is a powerful all-around platform. Their CDN server functionality means that you can take a website offline if you fear it’s getting hacked into by criminals. Their team is well-known for their expertise, including on cyber security, and Presslabs’ performance is top-notch as a result. In a 2018 benchmark test, the total errors their website displayed in serving 10,000 users over a period of 30 minutes numbered a low, low 56. The average server response time was 208 ms, which is significantly faster than other top brands like Kinsta and Pressable. All of this is very impressive, especially given Presslabs low price level: just $599 per month for a top managed hosting provider.
As an added bonus, Presslabs has 24/7 e-mail and phone support. If you suspect that your privacy or security have been breached, you can call on the Presslabs team for help and get it immediately. Backups are made every 15 minutes, so you can always roll back to your website’s last version at any time if necessary.
WordPress.com’s VIP service is well-known as one of the best-performing managed hosting solutions on the web. solution. In the same benchmark test referenced above, their average response time was a mere 108 ms: the best in the business. Total errors were fairly low too, and while the peak RPS was a notch below Presslabs’ (1400 to 1576), the difference isn’t a dealbreaker. You can use the service to run virtually any WordPress website, even video streaming services; VIP’s peak throughput of 118.68 MB/s makes sure of that. The only problem with the service is its exorbitant pricing policy: $5000/month and upwards.
In addition to all of the above, VIP is also excellent at privacy, security, and compliance. Your data is backed up every hour, so you can always roll back if necessary. For example, if you believe security has been compromised by a malware installation, you can just go back to the website version you had before it. CDN servers are available for all VIP users, so you can also choose to take your website completely offline and know that static content will continue to reach your users. Support is available 24/7, so you can always ask for qualified help when you need it.
One area in which VIP stands out is its customer agreement, which carefully explains how the service’s holding company – Automattic – treats your (and your users’) information. Things are made very clear in the service’s documentation, with VIP doing a lot to keep data private for you and your users. Moreover, VIP adheres to two Privacy Shield frameworks: the Swiss-US and EU-US version. Between all of this and every VIP site getting an SSL certificate, this is another strong choice, albeit one reserved for larger enterprise users because of the high price point.
In addition to the above, Pagely does 3 important things. First, it gives you an affordable CDN for as little as $9 per month. This gives you the flexibility to take your site offline during emergencies, since users will continue to receive static content. Second, Pagely runs complete site scans to make sure your data is never compromised. Last but not least, they help you get and install SSL certificates to make sure your users’ data is encrypted and safe.
With all of these security features, Pagely is a solid choice given their attractive price point: just $499/month for a basic subscription. If you’re looking for a security-first provider on a limited budget, this just may be your best choice.
Pantheon is a robust WordPress managed hosting provider that also happens to be excellent with privacy and security. For starters, Pantheon gives you a guaranteed uptime SLA of 99.95%, which reduces your maximum downtime to under 2 days a year; even if you’re getting blasted by cyber attacks. Second, you get a free SSL certificate that lets your page visitors use encrypted connections, protecting your privacy (and theirs). Third, a global CDN means that you can take your site offline if anything happens to it and still show users all your static content. Last but not least, the infrastructure used by Pantheon is the highly secure Google Cloud Platform: another reason to go with this brand over others.
In addition to all these security measures, Pantheon is outstanding in terms of performance. The benchmark test mentioned earlier in this article resulted in just 88 total errors: a little above WordPress VIP and Presslabs, but not bad by any measure. The service’s peak RPS is a decent 1088.48. Average response time is good, and despite a fairly low average throughput of 59.28 MB/s, you can use Pantheon to host virtually any kind of website you desire.
The one downside to Pantheon is that they collect a large number of information from their own site visitors. They can and do help you protect page visitors’ privacy, but if you’re worried about your own privacy, Pantheon’s policies may be a concern (if only a small one).
Last but not least, we have Flywheel: a budget provider that, unlike most inexpensive managed hosts, does well with security. CDNs are available for $10/month, which is a little expensive – but given Flywheel’s very low price points ($14/month and up), this is understandable. SSL certificates are available too for another $10 per month. If you have both, your WordPress site visitors can enjoy encrypted data and you can take your website offline to protect your data. In addition to these features, Flywheel backs up your server on a nightly basis: impressive for a budget provider. There’s even a free malware clean-up tool that will permanently remove code that makes your website vulnerable before you lose any key data.
In addition to the above, Flywheel has a number of tertiary advantages when it comes to privacy and security. Support is available 24/7, meaning you can get assistance to any emergency (though the reply may not be immediate). The service won’t help you reach GDPR compliance, but you can ask them for input and get helpful, meaningful instructions and help. As an added benefit, the cloud infrastructure is Google Cloud Services, which means Flywheel is highly secure to use.
The importance of doing extra research
Now that you know which managed hosting providers are best for privacy-oriented WordPress publications, what are you going to do? Let us know which provider you’re leaning towards after reading this article, and tell us about your website in the comment section. We look forward to getting your comments and feedback!
If you need a VPN for a short while when traveling for example, you can get our top ranked VPN free of charge. ExpressVPN includes a 30-day money-back guarantee. You will need to pay for the subscription, that’s a fact, but it allows full access for 30 days and then you cancel for a full refund. Their no-questions-asked cancellation policy lives up to its name.