Did you know that SiteGround considers itself a managed hosting provider? Me either. Sure wasn’t that way when I initially got an account there.
But, that description now gives them the right to slip in any code or directives into your hosting account without even letting you know.
See what’s really going on behind the scenes and why I’m concerned about the direction they are taking.
Over the last couple of years, SiteGround has begun inserting directives into your .htaccess and wp-config file.
ALL of those directives are to benefit them as a hosting company.
Some of them trickle down as a benefit to you.
It Started with WP Updates
One such directive was an auto update system for WordPress.
While they spun it as a benefit to users, the real purpose of it was to protect their servers against hack attacks. Lack of updates is THE #1 way sites get hacked.
By protecting their servers, there is less likelihood that a hacker will go through a backdoor and have access to all sites on that server.
That’s the trickle-down benefit to you.
Part of that system included sending emails to users to notify them that a WP update was available.
You then had the choice to update yourself or it would be updated for you.
And that system was tolerable until the WP 5.0/Gutenberg update became imminent.
We HAD to take full control over any updates through all of the 4.9.x changes that consisted of major updates thrown into minor releases.
Taking that directive out took two steps – removing the directive and deleting you from the update program.
And they NEVER got the request done correctly on the first, or even second, or even third attempt for over a year.
I even asked them for the exact words to put into the ticket, which I shared in this post, and it was still botched.
All that changed when WP 5.0 rolled out.
SiteGround suddenly realized the enormity of support tickets they would face from site owners who were not keeping up with the news if they auto updated sites to Gutenberg.
Suddenly they started being able to fully remove folks from the auto update program correctly when requested.
SiteGround turns on their server-side caching by default. You probably don’t even know it’s running, as it’s hidden away in the cPanel.
They strongly suggest that you install the SG Optimizer plugin, which gives you a friendly user interface to those settings, among other cPanel settings.
The problem is, the interface doesn’t work. You can turn it off in the plugin, but it remains on in cPanel.
When you’re trying to coordinate your caching between server-side caching, a local caching plugin, and Cloudflare, that can wreak all kinds of havoc.
FYI, that server-side cache only really comes into play when you have more than 25k hits a day and it really doesn’t speed up your site. But it does help protect against overages in hosting resources. Again, more for their benefit than yours.
On top of this, the goofy setup at SiteGround made it difficult to use the awesome WP Rocket caching plugin.
The folks at WPR worked HARD to jump through all manner of hoops to get their plugin compliant with SG’s odd setup.
And then they took it a step further and worked directly with SiteGround to improve it.
Then, SiteGround turned around and took ALL of the info from that collaboration and put it into their SG Optimizer plugin so you wouldn’t have to purchase WP Rocket.
What a shitty thing to do!!!!!!!!!!
No More Resource Meters
cPanel provides hosting resource meters so you can monitor usage on CPU, Memory, and I/O (Input/Output on the database).
But for some reason, SiteGround decided to do their own goofy build of that function that limited seeing usage for only a day or a week, instead of the more encompassing graphs and stats provided by cPanel.
Those graphs help chase down resource hog plugin abuse and bad bot hits.
When cPanel released a major update in early 2019, SiteGround’s goofy custom build no longer worked.
That is a SERIOUS detriment to users.
SiteGround runs container hosting, meaning that they don’t let any site hog all of the shared resources on the server. That’s good in that it protects you from sites gone haywire on the same shared server as your site.
But it’s bad in that it has a hard ceiling, way harder than most other hosts.
So, if you have a plugin that is a resource hog and you grow your traffic, you may suddenly run out of hosting resource headroom to handle it.
Without those resource meters, have fun tracking down which one is the problem as you try to troubleshoot.
And what if you have a post suddenly go viral?
Oh great! Your site just got shut down in the middle of that boon.
And good luck trying to figure out the problem without those meters.
In fact, you just have to take their word for it that your site went over the limits as you have no way to see for yourself.
And with the limited time snapshot they gave you anyway, you can’t even look at your history.
Suppressing New WordPress Site Health Features
The latest directive SiteGround silently slipped into your wp-config file is this:
@require_once(‘/var/lib/sec/wp-settings.php’); // Added by SiteGround WordPress management system
I happened to find it during two site audits this past week.
I opened a support ticket asking what it was and why it was put there.
They gave me a super vague reply that it was to tweak WP features.
Four touches on the ticket later, they finally gave me all of the info about it.
It suppresses these functions in the new WordPress Site Health Checker:
- No warning about auto updates being disabled
- No warning about PHP version older than 7.3
- No warning about missing imagic pecl
Since SiteGround has taken over management of these items, they don’t think WP needs to let us know.
Okay, that doesn’t make sense.
If they have taken control to ensure that everything is updated, why would they need to suppress the notification?
And what about the site owners who have opted out of the auto update program and prefer to set their own PHP level?
That PHP level thing is a biggie!!! Not everyone can run the default SG has decided it wants to put everyone on, which is 7.2.
READ: How to check and change your PHP version which also includes a video tutorial for the goofy way you have to do it at SiteGround, and then at all other hosts.
Knocking Out Backup Restoration
But that’s not all that new directive does.
It can also knock a backup restoration stupid.
One of my webmasters found that out the hard way.
She wasted the good part of a day trying to figure out why her migration copy of a client site would not restore on her sandbox site where she was doing a new theme design for them.
Knocking out a backup restoration is damned dangerous!!!!!!!!!!!
It may also interfere with cloning your site on services like UpdraftClone – yes, I’ve warned them about this.
Jefferson Powers started a thread in the WordPress forum about this new directive calling it “very bad practice on Siteground’s part.”
You will also see a comment about the backup restoration issue, trying to convince SiteGround that every backup/migration plugin in the world should not have to change their code to accommodate one more goofy configuration from SiteGround.
They said they will fix that.
You’ll also see my comment about all of this.
What you won’t see is all the time I wasted with support to get a straight answer before finding this thread.
I’ve had it with this pseudo managed hosting stuff and goofy setup
As you’ll also see in that forum thread, I’m not the only one who is surprised that SiteGround now considers themselves a managed hosting provider.
If that’s what I wanted, I’d go elsewhere. I’d pay the higher price for someone to take care of everything for me.
What I can’t afford is to pay a higher price to then have to constantly monitor what is being inserted into my files that may seriously conflict other measures that I’m taking, and other notification systems I think I have and want to rely on (like the new Site Health Check feature).
What I’m most put off with is the lack of transparency in all of this.
What makes for good hosting?
SiteGround has spent years building up a reputation as a go-to host.
They have consistently added features that are both helpful and timely – like being one of the first hosts to offer free Let’s Encrypt SSL certificates.
They’ve also added another security layer to help protect from bad bots and DDoS attacks, it is very similar to the one used by WordPress.com.
The hosting is reasonably fast and stays alive and meets their up-time guarantee of 99.9%.
They implement new cPanel and other features without server down-time too, which is remarkable.
All of these factors make them a good hosting choice.
But, the move into pseudo managed hosting is what I find increasingly disagreeable.
I can’t afford to go back and forth with ticket support 4-5 times just get a straight answer or to get something changed or fixed. I have to pass that cost along to the client I’m working for or just eat it if I’m investigating something on my own.
It’s always been that way with Tier 2 and ticket support.
They finally outsourced their Tier 1 support a couple of years ago and it has been fantastic since, especially on the phone. That was the big hold up in me endorsing them until they got their support issues fixed.
But, their recent changes and goofy build have made me pull back an enthusiastic endorsement.
And I’m sad to see them go down this road the way they are doing it.
Plus, all of this accounts for their higher prices, including the tripling of your renewal price.
If I’m going to pay that, I’m going to want much faster hosting where everything is taken care of for me. In other words, a truly managed hosting package like the one offered by WPEngine.
FYI, I don’t endorse managed hosting for DIY site owners.
Should you leave SiteGround?
I’m not advocating that you leave just to leave.
But if you stay, you’ll need to pay closer attention to their blog for changes they implement and sort out if that is a good fit for you.
You’ll also need to start keeping an eye on your site files for the directives they slip in without telling you.
And, you’ll need to research if the high renewal price is the best fit for your site needs, including your ongoing self-maintenance and annual checkups like the ones I offer in site audits.
SiteGround is still on my recommended list, but no longer at the top.
Ready to Move?
I’m constantly vetting new hosting providers. You can see them on my Resources page.
Also see my Migration Checklist if you plan to do the move yourself.
Contact me to project manage your move if all that is too much for you.
Keep in mind that I do not offer a service to fix a botched migration. It’s cheaper, faster, and far less stressful for both of us to hire me to do it right the first time.