SiteGround Morphing into Pseudo Managed Hosting

Did you know that SiteGround considers itself a managed hosting provider? Me either. Sure wasn’t that way when I initially got an account there.
But, that description now gives them the right to slip in any code or directives into your hosting account without even letting you know.
See what’s really going on behind the scenes and why I’m concerned about the direction they are taking.
Hidden Directives
Over the last couple of years, SiteGround has begun inserting directives into your .htaccess and wp-config file.
ALL of those directives are to benefit them as a hosting company.
Some of them trickle down as a benefit to you.
Some don’t.
It Started with WP Updates
One such directive was an auto update system for WordPress.
While they spun it as a benefit to users, the real purpose of it was to protect their servers against hack attacks. Lack of updates is THE #1 way sites get hacked.
By protecting their servers, there is less likelihood that a hacker will go through a backdoor and have access to all sites on that server.
That’s the trickle-down benefit to you.
Part of that system included sending emails to users to notify them that a WP update was available.
You then had the choice to update yourself or it would be updated for you.
And that system was tolerable until the WP 5.0/Gutenberg update became imminent.
We HAD to take full control over any updates through all of the 4.9.x changes that consisted of major updates thrown into minor releases.
Taking that directive out took two steps – removing the directive and deleting you from the update program.
And they NEVER got the request done correctly on the first, or even second, or even third attempt for over a year.
I even asked them for the exact words to put into the ticket, which I shared in this post, and it was still botched.
All that changed when WP 5.0 rolled out.
SiteGround suddenly realized the enormity of support tickets they would face from site owners who were not keeping up with the news if they auto updated sites to Gutenberg.
Suddenly they started being able to fully remove folks from the auto update program correctly when requested.
Server-Side Caching
SiteGround turns on their server-side caching by default. You probably don’t even know it’s running, as it’s hidden away in the cPanel.
They strongly suggest that you install the SG Optimizer plugin, which gives you a friendly user interface to those settings, among other cPanel settings.
The problem is, the interface doesn’t work. You can turn it off in the plugin, but it remains on in cPanel.
When you’re trying to coordinate your caching between server-side caching, a local caching plugin, and Cloudflare, that can wreak all kinds of havoc.
FYI, that server-side cache only really comes into play when you have more than 25k hits a day and it really doesn’t speed up your site. But it does help protect against overages in hosting resources. Again, more for their benefit than yours.
On top of this, the goofy setup at SiteGround made it difficult to use the awesome WP Rocket caching plugin.
The folks at WPR worked HARD to jump through all manner of hoops to get their plugin compliant with SG’s odd setup.
And then they took it a step further and worked directly with SiteGround to improve it.
Then, SiteGround turned around and took ALL of the info from that collaboration and put it into their SG Optimizer plugin so you wouldn’t have to purchase WP Rocket.
What a shitty thing to do!!!!!!!!!!
No More Resource Meters
cPanel provides hosting resource meters so you can monitor usage on CPU, Memory, and I/O (Input/Output on the database).
But for some reason, SiteGround decided to do their own goofy build of that function that limited seeing usage for only a day or a week, instead of the more encompassing graphs and stats provided by cPanel.
Those graphs help chase down resource hog plugin abuse and bad bot hits.
When cPanel released a major update in early 2019, SiteGround’s goofy custom build no longer worked.
That is a SERIOUS detriment to users.
SiteGround runs container hosting, meaning that they don’t let any site hog all of the shared resources on the server. That’s good in that it protects you from sites gone haywire on the same shared server as your site.
But it’s bad in that it has a hard ceiling, way harder than most other hosts.
So, if you have a plugin that is a resource hog and you grow your traffic, you may suddenly run out of hosting resource headroom to handle it.
Without those resource meters, have fun tracking down which one is the problem as you try to troubleshoot.
And what if you have a post suddenly go viral?
Oh great! Your site just got shut down in the middle of that boon.
And good luck trying to figure out the problem without those meters.
In fact, you just have to take their word for it that your site went over the limits as you have no way to see for yourself.
And with the limited time snapshot they gave you anyway, you can’t even look at your history.
Suppressing New WordPress Site Health Features
The latest directive SiteGround silently slipped into your wp-config file is this:
@require_once(‘/var/lib/sec/wp-settings.php’); // Added by SiteGround WordPress management system
I happened to find it during two site audits this past week.
I opened a support ticket asking what it was and why it was put there.
They gave me a super vague reply that it was to tweak WP features.
Four touches on the ticket later, they finally gave me all of the info about it.
It suppresses these functions in the new WordPress Site Health Checker:
- No warning about auto updates being disabled
- No warning about PHP version older than 7.3
- No warning about missing imagic pecl
Since SiteGround has taken over management of these items, they don’t think WP needs to let us know.
Okay, that doesn’t make sense.
If they have taken control to ensure that everything is updated, why would they need to suppress the notification?
And what about the site owners who have opted out of the auto update program and prefer to set their own PHP level?
That PHP level thing is a biggie!!! Not everyone can run the default SG has decided it wants to put everyone on, which is 7.2.
READ: How to check and change your PHP version which also includes a video tutorial for the goofy way you have to do it at SiteGround, and then at all other hosts.
Knocking Out Backup Restoration
But that’s not all that new directive does.
It can also knock a backup restoration stupid.
One of my webmasters found that out the hard way.
She wasted the good part of a day trying to figure out why her migration copy of a client site would not restore on her sandbox site where she was doing a new theme design for them.
Knocking out a backup restoration is damned dangerous!!!!!!!!!!!
It may also interfere with cloning your site on services like UpdraftClone – yes, I’ve warned them about this.
Complaints
Jefferson Powers started a thread in the WordPress forum about this new directive calling it “very bad practice on Siteground’s part.”
You will also see a comment about the backup restoration issue, trying to convince SiteGround that every backup/migration plugin in the world should not have to change their code to accommodate one more goofy configuration from SiteGround.
They said they will fix that.
You’ll also see my comment about all of this.
What you won’t see is all the time I wasted with support to get a straight answer before finding this thread.
I’ve had it with this pseudo managed hosting stuff and goofy setup
As you’ll also see in that forum thread, I’m not the only one who is surprised that SiteGround now considers themselves a managed hosting provider.
Since when?
If that’s what I wanted, I’d go elsewhere. I’d pay the higher price for someone to take care of everything for me.
What I can’t afford is to pay a higher price to then have to constantly monitor what is being inserted into my files that may seriously conflict other measures that I’m taking, and other notification systems I think I have and want to rely on (like the new Site Health Check feature).
What I’m most put off with is the lack of transparency in all of this.
Loss of cPanel
SiteGround has chosen to drop the top control panel, cPanel, in favor of their own custom control panel that they will switch all customers to in Sept 2019.
This obliterates all 3rd party tutorials for doing anything on the backside of your hosting. So, you’ll be reading tutorials twice, once from the 3rd party vendor, and then once from SiteGround to try to translate it into the SiteGround way of doing it.
Want tech help with your site? Better get someone familiar with this new custom control panel!
Want to migrate away from SiteGround to better hosting? Better find a host familiar with this new control panel too.
SEE: A video tour of the new interface for more on how the new interface looks and what’s missing.
What makes for good hosting?
SiteGround has spent years building up a reputation as a go-to host.
They have consistently added features that are both helpful and timely – like being one of the first hosts to offer free Let’s Encrypt SSL certificates.
They’ve also added another security layer to help protect from bad bots and DDoS attacks, it is very similar to the one used by WordPress.com.
The hosting is reasonably fast and stays alive and meets their up-time guarantee of 99.9%.
They implement newfeatures without server down-time too, which is remarkable.
All of these factors make them a good hosting choice.
What Makes for a Bad Host?
But they most certainly aren’t the fastest host! And that affects your site load time.
And, the move into pseudo managed hosting is what I find increasingly disagreeable.
I can’t afford to go back and forth with ticket support 4-5 times just get a straight answer or to get something changed or fixed. I have to pass that cost along to the client I’m working for or just eat it if I’m investigating something on my own.
It’s always been that way with Tier 2 and ticket support.
They finally outsourced their Tier 1 support a couple of years ago and it has been fantastic since, especially on the phone. That was the big hold up in me endorsing them until they got their support issues fixed.
But, their recent changes and goofy build have made me pull back an enthusiastic endorsement.
And I’m sad to see them go down this road the way they are doing it.
Plus, all of this accounts for their higher prices, including the tripling of your renewal price.
If I’m going to pay that, I’m going to want much faster hosting where everything is taken care of for me. In other words, a truly managed hosting package like the one offered by WPEngine.
FYI, I don’t endorse managed hosting for DIY site owners.
See my Resources page for the hosts I do recommend for DIY site owners.
Should you leave SiteGround?
I’m not advocating that you leave just to leave.
But if you stay, you’ll need to pay closer attention to their blog for changes they implement and sort out if that is a good fit for you.
You’ll also need to start keeping an eye on your site files for the directives they slip in without telling you.
And, you’ll need to research if the high renewal price is the best fit for your site needs, including your ongoing self-maintenance and annual checkups like the ones I offer in site audits.
SiteGround is still on my recommended list, but no longer at the top.
Ready to Move?
I’m constantly vetting new hosting providers. You can see them on my Resources page.
Also see my Migration Checklist if you plan to do the move yourself.
Contact me to project manage your move if all that is too much for you.
Keep in mind that I do not offer a service to fix a botched migration. It’s cheaper, faster, and far less stressful for both of us to hire me to do it right the first time.

While I don’t use SG, I just want to say that I think that MANY providers are moving in this direction as they have been marketing “WordPress Hosting” which is really just a new label on traditional cPanel hosting vs truely managed services – where you have FTP / phpMyAdmin and maybe an on/off for caching or CDN but really the hosting company does everything else
In my personal opinion unless you are on a VPS where you have WHM/cPanel – if you just have a server and were given cPanel – you are in / on a shared server (which I consider lower end / basic hosting) – It just has a new label on it.
I’m sorry to say I agree with you Philip. There is no industry standard on what defines managed hosting. It’s a very loose term, and as you said, just a label for most.
Shared may be the lowest level of hosting. But that’s all most niche bloggers can afford until they get enough traffic to warrant a VPS. And shared hosting is what made SiteGround so big, as it did for all EIG owned hosts that none of my clients would wipe their feet on.
I get that shared hosting providers need to take extra precautions for hacking now as so many site owners don’t do that properly for themselves. I know, I’m in the business of helping site owners have better security. But the fact is, those that even give a damn about it are the tiniest sliver of site owners.
As I mentioned in the article, some of these changes are good for the host and site owners. But lately, not so much for site owners, or the folks like me who they pay to help them.
I’m not even a SG customer, never have been, but I’ve known them as a managed hosting provider for quite a few years now. It’s also not uncommon for these providers to make internal adjustments to the WP config file (among others) in the process. WPEngine, among others, do this as well. It’s all built into the system so you don’t have to worry about it.
TBH I’m surprised you’re only discovering this just now.
In all my years of doing site audits, I don’t see most of the hosts doing things like what I described in this post. But then, I’ve given up doing audits on junk hosts like EIG and GoDaddy, so don’t know what the trends are there. I do see them using the Managed label, and they do some things for you, but not what I’ve called out here.
To me WPEngine sets the standard of managed hosting. They are radically different from this pseudo thing that SG is now doing as far as their setup and what they do for you. I think SG is in a very dangerous position of murky, undefined services of what they do and what you should do for yourself.
MaAnna,
Thank you so much for this post. Ever since I noticed you saying something about SiteGround’s “goofy” setup, I’ve been dying to know what you meant by that…since I am a (relatively) happy SiteGround customer.
Your explanation here is very interesting…and I agree with you that some of this goofy stuff could easily become bad stuff. :)
When talking about tech support, you mentioned Tier 1 and Tier 2…does that have something to do with whether you’re under the “GooGeek,” “GrowBig,” or “StartUp” plan? Can you give some more detail about that, please? What I’ve noticed over the last year or so is that their telephone support has gone downhill just a bit…and I’ve found it faster and better to just start a ticket and get the help or information I need.
I’m looking forward to what other hosting recommendations you come up with…your recommendations are the best of any out there.,
Thanks, always…
Christian
Tier 1 are the front line folks, like those that answer the phone and chat. That is what they radically improved.
Tier 2 and up are the folks who have deeper access to the server and such for things that Tier 1 can’t access or aren’t required to know or equipped to check. Those used to be the only folks answering tickets and it’s still awful if you get one of them. Takes 2-3 touches just to explain what you’re trying to do.
I’ve already been giving reports in Tips Tuesday of the new host I’m on, and you can see it on the Resources page too.
MaAnna…thanks for the info. Yes, some of the people answering the phone aren’t very good at helping…but the ticket system usually works great.
My experience over many years of doing this is that lots of hosting services start out great…and then, eventually, they start to go downhill until they become useless. Case in point: BlueHost.
At least SiteGround hasn’t been bought by EIG yet. :)
Thanks again for always being so entertaining and helpful.
This was fascinating reading because it confirmed what I’ve been seeing, but had discounted because I am a very small hobby blog. It’s just me over here. I noticed that I could no longer see the IPs of bots that were hammering my blog, but that I would get nasty emails saying I was abusing CPU and my site would soon be shut down. Support tickets did nothing to help and I’m only marginally technically proficient. So far, it has only been bluster because I don’t get that much ongoing traffic, but it is aggravating to get no help at all from them.
Also, they tripled my renewal rate as you mentioned. I was unhappy, but afraid it would triple again in a year, so I signed up for two. Now, feel like I need to read your Resources list.
Thank you for being so helpful to those of us who can’t afford an admin, but have to learn as we go.
Those big bots hits are likely due to a lack of proper security, Catherine.
The only resolution the host can offer is to go up to a bigger hosting package. That doesn’t fix the problem, it just gives more headroom for all those bots.
A site audit to show those security holes and then fixing them is a lot cheaper than paying more for hosting.
Thank you for the reply! I use Wordfence for security, but the free version. My blog is not a revenue generating endeavor, unfortunately.
I think I understand what a site audit is, but who does them? I would appreciate someone going through my site and evaluating what is useful and what is problematic. Is this something you do?
I do all of the site services offered on BlogAid. Please have a look at the site audit page to see what is included and if those checks are what you expect to have looked into. It’s mainly for speed and security. It’s an audit, meaning we see what’s there and get a whole picture. Fixes are not included. If your site is not a money-maker, seriously consider going to WP.com instead of self-hosting. It’s honestly too much work and expense to try to DIY it now if it’s not a business investment.
I first started to get skeptical when you said that it was hard to change PHP versions. That’s not true at all. You provide a link to a page of text about them, and then say to compare it “all other hosts”. How? They use the easiest cPanel PHP switcher in the world.
I stopped reading when you said they’re eliminating cPanel in September 2019 (5 months ago and cPanel is still going strong).
Your information is not good.
Luke,
You’re wrong: MaAnna correct when she said that SiteGround was dropping cPanel.
You can read one of the early announcements about it right here where they talk about starting the process of dropping cPanel in favor of their own system, starting in September 2019:
https://www.siteground.com/blog/new-client-area-and-site-tools/
Here’s a SiteGround page describing their new system:
https://www.siteground.com/technology
And here’s a YouTube video you can watch to see how their cPanel replacement works:
https://www.youtube.com/watch?v=p82MExLtGWk
It’s true that the changeover is going slowly…but…that doesn’t mean MaAnna’s “information is not good.”
Luke, they haven’t switched everyone over to the new custom control panel yet because they ran into so many issues.
They were advertising like crazy and then stopped due to all the issues they found on their servers.
That has everything to do with why they are currently moving folks over to Google Cloud now.
Once they get folks on a more modern server stack they will once again resume moving everyone over to the new custom control panel.
And their PHP switcher has an easy way to get to the level setting, but not to any of the options.
You’re running a VERY limited set of resources compared to what you can get at other hosts with true cPanel, where you can raise them well above the defaults.
It is my job to keep my clients WAY ahead of the curves coming. And SiteGround advertised this move as eminent. It was there own lack of testing that made it not happen in the timeframe they first announced.
If you want to quit reading, fine. Stay behind the curve.