wordpressI’m doing a lot of WordPress development these days.  Most of my clients use my hosting services.  Yes, it’s an obvious business benefit to me because of the recurring revenue, but I also deliver a high level of proactive security and performance management as part of my hosting.  It translates into predictable development and post launch performance. Safe, reliable and fast.

However, some clients have accounts with other hosting providers, or bought a bundled domain name/hosting deal for their new web site.  For the most part, that’s fine.  I can work on sites at pretty much any host.  However, I’m seeing some unsettling approaches to WordPress hosting.  Often by the biggest names in the hosting business.

Godaddy has had dedicated WordPress hosting packages since 2014.  Moderately complex WordPress sites often didn’t perform well on Godaddy’s classic Linux hosting plans, and Godaddy seems to feel their average WordPress hosting client needs more tools to help them succeed.  A logical marketing and support approach by them.  Performance shouldn’t be worse on a platform tuned specifically for hosting WordPress sites.  My experience so far:  It’s worse.

In the low dollar/high volume hosting game, a big part of the business model is jamming a lot of sites into the minimal amount of hardware and support infrastructure, while hopefully still delivering reasonable performance.  For web site owners hosting in high-volume environments, it’s often luck of the draw.  A site may end up deployed on heavily saturated resources.  Performance suffers, sometimes greatly so.

Anecdotal example:  A local designer handed a client off to me.  She had developed a good looking WordPress site for the client.  Supporting hosting and ongoing content changes is not part of her business, so I took over from that point.  The client is on one of Godaddy’s managed WordPress hosting plans.  The performance is awful.  Despite being “managed,” Godaddy WordPress sites are just as vulnerable to performance lapses from server overload as they were on Godaddy’s classic Linux hosting plans.

Also disturbing is the automatic installation of Godaddy specific plugins, and enforcement of a “blacklist” of banned plugins.  Many of the banned plugins are popular caching tools.  Why would they be banned?  Because they conflict with Godaddy’s built-in caching, which can’t be disabled by the average WordPress site owner.  Caching is a complex topic.  It often brings up development and functionality challenges for sites that go beyond basic, static content.  Using a caching tool, either from the host or via a plugin, should strictly be up to the WordPress developer and/or site owner.   Of course, Godaddy forces the use of their caching because it improves the performance of their under-performing hardware.

Another disturbing trend is the bundling or hard-selling of Sitelock.  Sitelock is a somewhat controversial firewall/content delivery network add-on that works in conjunction with WordPress.  My two experiences with Sitelock enabled WordPress sites (at Bluehost) were so bad, I’ve since deliberately stayed far away from it.  Sitelock’s marketing gives a false sense of security to WordPress site owners.  The skilled folks at WordFence recently validated my thinking.  Indeed, one of the Bluehost sites was heavily infected with malware that had skirted Sitelock.  The only help the site owner got from the host was being told they need to pay more and upgrade to a higher level of Sitelock.   Basically, adding the insult after injury.

The problem with the marketing of products like Sitelock is that it encourages site owners to delegate security to a product or service that cannot comprehensively secure a web site.  Keeping a web site secure takes active engagement.  Products like Sitelock encourage site owners to have a dangerous “set and forget” mindset.

Your site’s success on the Internet, in Google search results, and with visitors themselves, depends, in part, on speed and reliability.  Do your own research and choose your hosting provider wisely.