WordPress based membership sites have certain requirements, and make use of certain applications that, in my experience, makes most of the popular hosting providers a poor choice.
👉 If you want to skip ahead and learn about our #1 recommendation for hosting your membership site, click HERE.
While there are plenty of excellent hosting providers out there that would work well for a regular (i.e. non-membership) website, most hosting companies don’t give you a solid foundation for launching and growing a WordPress membership site without running into constant, annoying issues.
Let’s look at some of the reasons for this…
Table of Contents
Aggressive caching breaks membership sites
Most web hosting companies that provide WordPress-specific hosting packages promise impressive page load times.
How can they make such a promise across the board despite the significant differences between various websites in terms of resources consumption, file and database sizes, traffic figures, tech stack, and other factors that influence page load times?
If I have a one-page website with only 2 plugins installed and I get a measly 10 unique visitors per day…
While YOU—you big baller, you—have a massive authority site with hundreds of pages, dozens of plugins, and thousands of visitors per day, with a gnarly ass tech stack of 50 active plugins…
Is it possible to promise the same site speed improvements?
The answer of course is NO.
But you can still achieve a significant improvement on most websites.
Most hosting providers attempt to do this by using aggressive caching techniques on the server level.
By “server level” I mean that the caching is activated by your hosting provider, and not by a plugin inside your WordPress dashboard (such as WP-Rocket).
The problem with this approach is that server level caching often “breaks” membership sites.
Specifically, caching on a membership website can result in:
- Content access issues
- Strange billing events
- Login / logout problems
…and other seemingly inexplicable issues.
Furthermore, if you turn your caching OFF—assuming your hosting provider even gives you that option—you will lose the main benefit that the hosting company promises you in the first place—increased site speed!
In a best case scenario, caching isn’t implemented as one big on/off switch but rather as a series of performance improvement “layers”.
If you could disable just that particular layer, you’d still be able to employ other layers such as Redis and OPCache.
Unfortunately, most of the managed WordPress hosting companies I’ve worked with don’t allow you to enable and disable individual caching layers.
And even more critically, very few of these providers really understand membership site software the way we do, and therefore don’t really know how to optimize it.
In truth, you need to optimize performance on both the server side AND the WordPress side and understand how they work synergistically together.
The most common suggestion you’ll hear is to upgrade to a higher hosting plan, add more CPU cores, etc.
While there’s certainly merit in allocating sufficient resources to your membership site, just throwing CPU cores at the problem is a great way to rack up a huge hosting bill while only making minor improvements to your site’s performance.
In practice, you need to address a multitude of fundamental performance elements and do so in a competent manner, or you’ll never achieve blazing fast performance under load.
Not enough caching exclusions
Similarly, sometimes you only need certain posts or pages to be excluded from getting cached.
It makes sense that you’d want your forward-facing pages – such as your sales pages, landing pages, blog, etc. – to receive the speed benefits of caching.
Yet you want to exclude all system pages and member-facing pages (login, logout, my account, my profile, etc.) from being cached, as not doing so often results in weird conflicts.
Some hosting companies allow you to request caching exceptions from the support team.
While I don’t know how each individual hosting provider handles this situation, and some may be more generous than others, my experience with WPEngine (who I’m not picking on, but just using as a readily available example) is that they only give you about 10 exceptions.
Too many exceptions negatively impacts the performance of the server, which also hosts other customers’ websites in addition to your own (that’s right folks, WPEngine is shared hosting).
How likely is it that your membership site will have only 10 or fewer pages that need to be excluded from the cache?
Pretty darn unlikely.
Which makes WPEngine problematic as a hosting provider for membership websites, as detailed in this case study of Brittany Lynch’s authority membership site.
What you really need is the ability to exclude an unlimited amount of pages from getting cached, among other options.
I reiterate that this aggressive server-side caching would be fine if you were running a non-membership site, so long as it didn’t conflict with any of your other applications.
But often the conflict is unresolvable.
This is by the way one of the reasons why it’s always a good idea to keep your “main” site and your membership site on completely separate domains.
Site speed chained to caching
One of the chief value propositions of many WordPress-focused hosting companies is faster load times for your websites.
But they achieve this increased speed through aggressive caching.
While that would be fine for a non-membership site, this caching very often causes all sorts of conflicts with the various WordPress membership scripts including MemberMouse, Digital Access Pass (DAP), MemberPress, OptimizeMember, iMember360, and others.
It’s not surprising that heavy caching impacts most of the major membership plugins in strange ways because caching by its very nature conflicts with the way membership plugins function.
If you disable caching – if it’s even an option – you fix the conflict.
However, you wind up losing the speed boost that you signed up for in the first place.
So why would you pay a premium for a hosting platform whose main benefit doesn’t apply to your websites?
Thankfully, caching isn’t the only factor that influences site speed.
There are (at least) three other important factors:
1. Server location
2. Quality and configuration of the server
3. Number of applications and activity on the server
Let’s take a quick look at each of these factors…
The importance of your server location
Most hosting providers don’t give you the ability to deploy your server in the geography of your choice.
That’s unfortunate because the closer your server is to your visitors’ location, the faster your site will load for them.
If, for example, your audience is primarily Australians, having your server located somewhere in the USA would result in really slow page load times because their devices (in Australia) have to connect to a server on the other side of the world (in the US).
Some cloud hosting providers allow you to choose your server location, and I consider it to be a huge (and rather underrated) selling point because it can have such a profound effect on page load times.
Further, if you can’t make full use of caching on a membership site (which you can’t), you want to max out the other speed factors.
And server location is a biggie.
Quality and configuration of your server
Suffice it to say that you want your site hosted on the highest quality servers possible, which are configured as optimally as possible.
These are really two separate issues but I’ve bundled them together because a fastidious configuration on a fundamentally poor quality server will still yield poor results.
You need both.
And of course, every hosting company claims they have “best in class” servers and pepper their sales copy with superlatives.
That may or may not be true of certain providers; it’s impossible to prove one way or another.
My strategy is much simpler.
I use the most trusted cloud hosting providers in the world and let them worry about the hardware.
These are the best-known providers in the world, who invest millions of dollars into industry-leading infrastructure.
So you may as well partner with them if you can (and you can!)
And in fact, you may be surprised to learn that many of the largest hosting companies in the world piggyback on these very same providers – most typically AWS – for their server needs.
By using one of these cloud hosting providers you have more freedom about where your server is located and how it’s configured.
Thus you can provide the best possible page load times to your visitors without having to rely solely on aggressive caching techniques, which are likely to interfere with the functioning of your membership site in the first place.
Number of websites on your server affects load times
The more applications (websites) you have on your server, the more these sites compete for your finite server resources.
This is the reason that shared hosting is generally slower than dedicated, VPS and cloud hosting.
It’s because the shared server not only hosts all of your domains but also the domains of hundreds, even thousands of other customers.
In this model hosting companies keep tight controls over resource consumption (SiteGround is infamous for being particularly stingy) because if they allow unchecked resource usage their costs per customer would skyrocket, and the performance of the other sites on the server would fall.
If you’re just starting out with your project or are trying to validate if it’s a viable business idea, shared hosting is actually a good deal simply because it’s cheap.
Once you’re getting ready to launch a product to an eager audience, or you’re already making sales of your membership, THEN it’s time to get off shared hosting and outlay for a more professional solution.
Best shared hosting for a membership site
The best shared hosting provider I’ve had the pleasure to work with is MediaTemple, and they’re who I’d recommend if you’re just starting out.
By the way, I get no money for endorsing MediaTemple.
Whereas if I told you that Bluehost is the best I’d get $100 commission straight to my Paypal if you signed up with my referral link (Pat Flynn from SmartPassiveIncome.com earns tens of thousands of dollars per month recommending Bluehost to his audience).
WPEngine pays out over $200 per referral.
And that’s the rub.
If you search around online you’ll find a lot of people who recommend HostGator, Bluehost, GoDaddy, Siteground and others and all tout them as “the best”.
But it’s hard to gauge whether these are genuine endorsements based on a lot of positive personal experience with these companies OR biased endorsements because referring a new customer pays incredible commissions.
In far too many cases I suspect it’s the latter.
My experience with HostGator, Bluehost, and GoDaddy has been that they are high-volume providers who don’t give you the best performance, outsource all of their support to India (which would be fine if the support didn’t suck), and try to sell you a bunch of crap you don’t need all the time.
Not to mention, they partner with crooked companies like Sitelock to try and screw honest people who don’t know any better out of their hard-earned cash.
Not my kind of company.
Is SiteGround a good hosting provider for membership sites?
SiteGround is perhaps the most highly recommended hosting company online.
But my experience with them has not been very positive.
There are two areas in particular where SiteGround do a poor job.
First, they start your hosting account out in “resource starvation”.
Let me explain what that means.
One of my customers had built a membership site but only had a small trickle of traffic and members.
I’m talking less than 20 unique visitors per day…
The site itself is standard fare and doesn’t run some insane amount of resource-hungry applications that would bring his server to the brink of burnout.
Yet shortly after completing the site he received a message from SiteGround informing him that he was running out of resources and if he wanted to continue running his site without issues, he’d need to upgrade to a plan that offers additional resources.
This, to me, is some sneaky shit.
In fact, it’s been reported all over the web by other SiteGround customers who quite rightly wondered how their dinky little sites with little to no traffic could possibly consume enough resources to warrant an upgrade.
Answer: it’s because SiteGround’s entry level plan is so fundamentally limited that you will inevitably run into resource consumption issues.
Then when you write in to support to complain you will most certainly get pitched on their next tier of service.
In contrast, on CloudWays you can run a WordPress site that gets 10 THOUSAND unique visitors per month on a pipsqueak 1GB server instance from Digital Ocean for all of $17/month, and you’re unlikely to go into resource starvation.
The SECOND major problem with SiteGround is that when you submit a support ticket, multiple support agents reply to it.
This often results in your issue being volleyed back and forth between different support reps with nobody taking full ownership of solving your problem.
This increases the time to resolution and pisses off customers who quite naturally feel like support keeps passing the baton instead of running it home.
Their support also has a strange approach of notifying but not rectifying.
In terms of notifying, they do a fantastic job.
“Sir, you have such and such a problem, and here’s why, and here’s what you might do to fix it.”
Whereas what you want is: “Sir, please wait a moment. [5 minutes later] Ok, please check your site now. [Problem fixed]”
Subtle difference that makes all the difference.
My beef with “managed” WordPress hosting
The so-called managed WordPress hosting industry has been exploding over the past few years.
There are countless hosting providers who offer WordPress-specific hosting and market it under the name “managed WordPress hosting”.
Many of them are essentially resellers of Amazon’s cloud hosting platform, or Digital Ocean, or Google Cloud, or others.
Then there are the more well-known web hosts you’ve probably heard of like WPEngine, Pagely, Flywheel, Liquid Web, et al.
But how do these companies define “managed”, anyway?
Do they actual “manage” anything?
From what I can tell, “managed” is a marketing term rather than an apt description of what you get.
It mostly means that they configure your hosting “stack” in a particular way so you don’t have to.
Otherwise you’d have to hire a sys admin to do it for you since it’s pretty technical stuff.
From that perspective, virtually every hosting company that provides WordPress hosting is “managed”.
It can also mean that you get automated backups, and other sundry items that, to me, should already be a core part of any hosting offering for non-technical end users (i.e. the great majority of people!)
So in the sense that you don’t have to set up and configure your server settings from scratch, the hosting is indeed managed.
But in the sense that real human beings are looking after and taking care of your site proactively as if it were their own, they are most certainly NOT managed.
What we do at MemberHost (my hosting company) can more accurately be described as managed; what the other guys do might be better described as “configured”.
Bundle up with managed WordPress hosting
Furthermore, managed WordPress hosting packages typically consist of a number of features or products bundled together.
Often when you sign up for a product or service, you only really want one or two high-value features.
But you tend to accept the rest of the bundle because that’s the price of getting those coveted main features.
Or you simply go to another provider.
I learned this lesson when I was collecting customer feedback for my podcast production service, JustRecord.it.
I was offering an all-inclusive, done-for-you service where I would edit your podcast, transcribe it, write a blog post about it, post on social media, write your broadcast email, etc.
But as it turns out, people only really care about editing and (to a lesser degree) transcription.
All of the other services I’d bundled together were pretty much worthless to my prospective customers, and served merely to raise the price and dilute my offer.
So I used the CloudWays hosting platform.
It allows you to choose what you need á la carte without forcing you to accept a bunch of low-value services and features that you may not need.
For a serious membership site you’ll want our MemberHost hosting, but for static sites and very low traffic sites, CloudWays is awesome.
Taking Security Seriously (Without Seriously Taking Advantage)
Security is an often misunderstood subject simply because most people don’t understand it.
(I know, I ought to write zen koans for a living).
This creates a situation where many companies take unfair advantage of people who don’t know any better when it comes to security.
Because the very mention of a hacked site strikes instant fear into the hearts of website owners everywhere, it becomes incredibly easy to sell somebody a service that they don’t actually need.
Bluehost Tries to Screw my Customer, Hilarity Ensues
My experience with Bluehost, for instance, illustrates this point perfectly.
Their malware scanners identified an infected file on one of my customer’s websites and immediately shut down their entire server.
All of my customer’s websites, which collectively generate thousands of dollars in sales per day had been shut down on the basis of an alleged malware infection.
When I got on the horn with Bluehost support they insisted that we had to pay $250 to clean up the hack.
“What hack?” I asked.
They were strangely reluctant to tell me where the supposedly hacked file was located in my client’s directory structure.
But I managed to get it out of them.
I then asked my malware removal specialist Cristian to investigate the situation.
Lo and behold, he found that the file in question was not in fact malware, but a licensing file with obfuscated code.
I messaged Bluehost support and they reinstated the websites.
But shortly after that we had a repeat of the same exact situation.
You see, most of these larger hosting companies use automated malware scanning scripts which often return false positives.
However, the second time around support refused to tell me all of the allegedly infected files so I wasn’t able to clean it myself, or even determine if any cleaning was needed!
I found this withholding of information to be total bullshit (most likely illegal bullshit, I might add).
Here Bluehost shuts down your site on the basis of an alleged hack, refuses to tell you where the hack is, demand $250 to clean up the problem (even if there isn’t one), and holds your sites (all of them) hostage until you do.
Is that not the definition of extortion?
As infuriating as this is, the reality is that most website owners would probably pay the fee and chalk it up to the cost of doing business online.
In fact, I suspect that many companies generate millions of dollars in ill-gotten revenue by exploiting this combination of fear and ignorance.
Once I explained this situation to my client and told her that I’d be happy to host her site for her, she eagerly agreed.
Bluehost practically pushed her into my arms.
I then requested that Bluehost reinstate the websites temporarily so we could move them but they were uncooperative on this point, too.
So we had to manually migrate all of my customer’s websites and manually clean them and harden them against future attacks.
How many problems have we had since then? ZERO.
That’s not surprising because we take security very seriously.
As soon as we learned about the CloudFlare data leak, for instance, we immediately went through and updated the salts in the wp-config.php file of all our customer websites that are run through CloudFlare (among other security measures).
Good security is largely a matter of preventative maintenance.
But if your site gets hacked, God forbid, your hosting provider should be all over it and it shouldn’t cost you an arm and a leg.
That’s why we do affordable malware cleanup for sites that aren’t hosted by us and free malware cleanup for our loyal customers.
Sitelock Tries to Scare My Customer Using Bully Tactics, hilarious GIF usage ensues
But the lay person who just wants to run their online business without incident remains an easy target for this breed of vultures.
Like Bluehost (who pimp Sitelock to their customers) they feed on a combination of fear and ignorance to secure the sale.
To wit, I recently moved one of my customers over from GoDaddy to my hosting platform.
A few days later she forwarded me a message that she received from SiteLock which she had active on her GoDaddy account.
They alleged that there was malware (so called “cross-domain scripting”) on her website and that she should pay to clean it up.
The only problem with their claim was that the website files and databases were already on my hosting platform, and the DNS was pointing to us too.
Therefore, if there was any vulnerability, it was a non-issue because all of the sites on that server were no longer hosted with GoDaddy, and we’d already cleaned and hardened the site.
My customer forwarded my reply to Sitelock and they responded saying that we still had some DNS records pointed to GoDaddy and that this still represented a vulnerability.
Again, this is a situation where somebody who doesn’t know about this stuff would probably say “oh ok, well let’s do it then. How much?”
But the only DNS records that matter in this instance are the A Record and the CNAME, which were both pointed to our CloudWays account.
The other DNS records were legacy records that can in no way cause or permit a hack to occur.
Sitelock was straight up lying to my customer to try to sell her their bullcrap service.
She asked to cancel and they demanded a $500 cancellation fee because she’d paid for a year up front.
I had our malware removal specialist Cristian look at the notification from Sitelock and he told me that the cross-scripting “vulnerability” is not even a real vulnerability.
Sure sounds real though, doesn’t it?
Sitelock then graciously suggested that we install their app on MY servers…
I’m grateful to the universe that I happened to have the perfect GIF with which to communicate my reply:
Credit: Jockopodcast.com – my favorite podcast these days.
The truth about WordPress website security
WordPress website security is in fact a rather simple matter (for the end user anyway) that consists of a few fundamental truths:
1. It’s impossible to completely prevent malware / hacks.
2. Make sure to update your plugins and themes and WordPress version regularly (MemberFix can do this for you via our Care Plans)
Un-updated apps represent one of the largest security vulnerabilities in WordPress, even if they’re deactivated.
In fact, deactivate and delete all plugins and themes that you aren’t using.
3. Follow WordPress security best practices.
Here are three resources directly from our internal documentation for customer security.
You can copy these directly into your company’s security documentation, or hand it off to a contractor to help you secure and harden your domains.
Best Membership Site Hosting: The Final Verdict
I have 3 recommendations depending on where you’re at…
If you’re just starting out
If you’re just getting started with your membership site, don’t have paying members, or you just don’t know if you have a winning business concept yet, I’d go with MediaTemple.
They have an affordable, high quality product and I’ve had a stellar experience with them across the board.
If you already have a membership site (tech savvy)
If you’re somewhat technically savvy in the area of systems administration, or have a team member to whom you can delegate server issues, I’d go with CloudWays.
CloudWays is great if you still have low traffic and a basic tech stack.
CloudWays essentially provides a user-friendly bridge between the top, high-performance cloud hosting providers in the word – like Amazon, Vultr, and Digital Ocean, et al – and average (i.e. NON sys admin) end users like you and me.
But be warned that CloudWays doesn’t offer you the same experience you may be used to with other hosting providers…
While their support is fantastic and always eager to help you out of a jam, the product itself is closer to the metal so you’ll need to be more technically proficient than if you were hosted with say, Bluehost.
Unlike “generic” hosting products which cater to (and sadly often exploit) the much larger segment of less technically knowledgable consumers, CloudWays leaves things more in your hands.
With more power and flexibility comes more responsibility.
Why do you think big companies hire dedicated systems administrators?
They’re not hosting their business websites on GoDaddy, I can guarantee you that!
CloudWays has no cPanel, no email server, no SMTP email (I use AuthSMTP), no file manager, no DNS manager – none of that stuff!
If you already have a live site with members
If you need incredible performance for your WordPress membership site, my hosting company, MemberHost is your best choice.
And it’s not just a matter of opinion.
We smoke pretty much everybody in our performance testing and load testing benchmarks.
The numbers don’t lie!
We really deliver the goods if you have a “transactionally heavy” tech stack that uses plugins such as:
The other critical difference between MemberHost and most mainstream providers is that they punish you for success.
When your site starts to do really well and get lots of members, that’s when you typically start to get WordPress errors (400, 500), major slow downs of your site (1 minute to load wp-admin…give me a break!), and outages.
That’s because once you reach a particular threshold of concurrent users, your server can’t handle the load.
This image illustrates how that looks:
The way that we configure membership site-compatible caching, horizontal and vertical scaling, and real time failover ensures that the above scenario never happens.
It’s ridiculous that at the exact moment when your site is FINALLY kicking ass, making money, and helping people en masse, that’s when your hosting provider is going to crash and burn.
MemberHost’s ability to handle a huge volume of concurrent users and scale seamlessly without creating errors or slow downs for your site is the single biggest benefit that we offer over the competition. 🤷♂️
Oh, and we don’t charge you overages, recommend unnecessary additional resources, or hold back information about our tech stack.
We are 100% transparent about everything we do (save a few little technical details that represent a competitive advantage).
As I explained in an interview with Richard Patey, I don’t think busy business owners should be dealing with hosting “stuff” at all.
As I explained in an interview with Richard Patey, I don’t think busy business owners should be dealing with hosting “stuff” at all.
I mean, don’t you have better things to do than to configure DNS, email, FTP, and whatever else?
Of course you do!
You just need a site that runs and runs well AND – in line with my crazy but actually not-so-crazy vision of hosting – actually gives you a competitive advantage because your site is faster and more secure than your competitors’.
Faster site = better rankings in Google, improved conversions, better user experience.
More secure site = much lower chance that something catastrophic happens to the “home” where your business ‘lives’ online.
Managed-for-you = you can focus on the “Deep Work” that actually moves the needle for your business and forget about hosting concerns knowing that professionals are handling it.
Membership site hosting that doesn’t suck
One thing I forgot to mention is that before starting MemberHost my primary business was (and still is to this day) setting up and supporting WordPress membership sites (primarily through my MemberFix service).
Thanks to years of working with membership sites, I’ve gained insights into the intricacies of this space (both technical and marketing-oriented insights) that perhaps only a few hundred people in the entire world possess.
This means that if you choose to host a membership site with me you get the additional benefit of my unique expertise in this area.
I’ve mentioned many times before that when Josh Denning and I conceived the idea for hosting it was to give our own websites a competitive advantage.
Are you overpaying for low performance hosting?
👉 Want to see how our WordPress membership site hosting stacks up to your current provider? Fill out and submit the form below and we’ll do a free performance comparison. No pressure or gimmicks. Just no BS data to help you make the right decision for your business! 🙂
Initially we didn’t even intend for this to be a commercial endeavor.
But we quickly realized that we could offer our customers a tremendous amount of value if we could give their websites the same meticulous attention that we paid to our own online properties.
This intention has permeated our company ethos from day one.
We treat our customers’ websites as if they were our own, and we consider our customers to be part of our family.
This approach has so far served us and our customers well.
While I didn’t intend for this article to be a critique of “those other” hosting companies and an endorsement of my own I guess it turned out that way haha.
Oh well, I’ve never been one to shy away from calling BS on professional BSers and I feel I’ve made my case objectively.
You can make up your own mind about the rest. 🙂