- What kind of hosting should I use? Is Webinoly the right tool for me?
- Can I use Webinoly in my shared hosting plan?
- Why doesn’t Webinoly include that software package that I want so much?
- What “Enterprise Grade” means when you say that some software can not be included?
- Why is my WordPress site so slow?
Our LEMP Stack
- What operating systems are supported by Webinoly?
- What version of PHP does Webinoly install?
- Why does Webinoly have only one PHP user for all sites?
- Should I create a SWAP file or partition before installing Webinoly?
- How can I reset Webinoly settings?
- How do I remove Webinoly from my server?
Sotware and Tools
- How can I use an external database?
- How can I recover/change my MySQL password?
- Where is the phpMyAdmin login page?
- I was asked for user and password to access a page, what are these data?
- How can I create an SSL certificate for a WordPress Multisite site with Domain Mapping?
Technical Features and Issues
- How do I configure my Firewall?
- How can I enable a user to upload content via SFTP?
- Why do I get an error when I try to create an SSL certificate?
- Why don’t I receive emails sent by WordPress or my server?
- Why HTTP/2 does not work on my website?
- What are the Webinoly’s protected areas?
- HTTP Headers and Browser Cache?
In a general way we can divide the type of hosting into two categories: shared and servers (VPS and dedicated). Webinoly is in the category of self-managed servers.
Shared Hosting – Most people and agencies use shared services by default to host entry-level websites. Simple, cheap, and enough in most cases! (No technical knowledge required) Some examples are HostGator, BlueHost and GoDaddy, just to mention a few.
VPS and Dedicated server – In both cases you have dedicated resources, in VPS you have a portion of a server and in dedicated you have a complete server for you. Typically, you will find it in three different levels of service: Managed, Semi-Managed or Self-Managed.
– Managed Services – This is the quintessential solution used for professionals. Simple, powerful, and easy for most people. Like Pagely, WP Engine, Kinsta, or Cloudways.
– Semi-Managed – You have root access, most of the companies offering this kind of services are focused on bringing tools and high-level support and help-desk experience. In some cases, you can bring your own server from a cloud provider. Typically, people chose small cloud providers like Vultr, Linode, or Digital Ocean in conjunction with services like Runcloud, ServerPilot, or any other similar cloud-based server control panel.
It’s the most expensive option, also sharing root access is needed, so it should never be used in business or enterprise environments. Most of the times is only used by beginners looking for support.
– Self-Managed – You need high-level technical skills, you are responsible for everything. You will find people using top-cloud providers like AWS, GCP, or Azure to build scalable, redundant, and more complex solutions. Also, this is the cheapest option in terms of money, you only pay for what you use (AWS EC2 t3a.nano reserved instance in USA-East is only $1.46usd per month). Are you here? Then Webinoly is the right and best tool for you!
As a personal advice, most complaints and unsatisfied people at any of these service levels come from people not choosing the right type of hosting or by having wrong expectations.
* Please, don’t be that guy in a Facebook Group very upset and complaining because his “big and very important” site is down and the AWS support team is not helping him, without mentioning how much is paying because he doesn’t even understand the AWS billing system.
Not-Technical people should always go with fully managed services (or shared for entry-level). If you or your project need some more specialized things, you should consider hiring a professional instead of just blaming the guy behind the support chat for your lack of skills. Professional projects require professional people and teams.
Read: Why is my WordPress site so slow?
If you have all the technical skills or you are willing to learn and the time is not a problem, you can always choose the Self-Managed way to unleash all the potential and build the infrastructure of your dreams, Webinoly will always be there for you as your best ally!
No, such hosting plans do not allow access with sudo privileges required to install and make adjustments to the operating system.
We know that each user has very particular needs and they find packages that they consider essential on every server.
Brotli, PageSpeed, Fail2ban, are some of the most requested by the community.
We regret to say that the inclusion of such packages is beyond the scope of this project and it is the responsibility of each user to include any other tool they deem necessary. In addition to the trust and commitment with our users to only include software from reliable sources and widely known and accepted for use in the most demanding business and corporate level environments.
Webinoly offers you a base with the essential packages, your imagination is the limit to add and build your perfect solution.
Early-adopters segment of users is always eager to have the latest software and technology installed in their servers and that’s awesome. The problem is when you start working in corporate or government environments, you will see they have very strict requirements about the software they can use in their machines and servers, highly proven mature software from very well-known trusted sources.
Another point is that we use Open Source software only, which means that every line of code is publicly available, we are always publishing what sources we use in order that you can always see what exactly is installed in your server. We use only public software packages from very well-known sources.
It’s very common that you find some people and hosting companies using their own “Nginx” packages compiled by themself for “better performance” or some “premium features”. The thing is that in most cases they are not making public all these lines of code they are adding even when it’s supposed to be open-source. Take my advice and always ask for details in this matter, there are no valid reasons to hide these things. Most of the times are not for malicious software (but who knows!), is just that they are using a bunch of low-quality modules they found for free to not pay for commercial versions (unethical?).
I know that most of the regular users don’t care about these things, but as I said before, corporate users have very strict requirements. There is no margin to trade with ethics and security! Also, I’m happy to see that in these times with e-business growing exponentially, more people are adopting these best-practices every day.
Whatever hosting service you use, you should always know what exactly is installed in your server.
Even though Webinoly is used mainly by highly skilled people, we are aware that an important segment of beginner users are using this tool to host small WP projects and ¡That’s awesome!
Web hosting – Choosing the right web hosting might be not a trivial decision.
– Read: What kind of hosting should I use?
– You should know that a lot of reviews you read out there in web communities, forums, and pages are paid, partialized, or written by one of those “experts” you find on every internet corner.
– Top-notch support and help desk service (people) are not synonymous with good hosting (server).
– Load test results can be difficult to interpret and perform correctly. You shouldn’t blindly trust these kind of reviews.
– Semi-Managed hosting is aimed at novice VPS users. You can have serious security implications by sharing your server’s root access with these services.
– My recommendation is to always choose fully managed or self-managed solutions and always using globally recognized providers.
Before choosing a more complex hosting, you should start by optimizing your WordPress theme, code, and plugins. You will be surprised with the results!
Themes – WordPress theme builders (divi, elementor, beaver, etc) are great when you are trying to learn with small projects, but the result is usually poor and heavy at code level. Professional projects should always go with your own and custom theme created and optimized by an expert developer for optimal performance.
That’s why a $100 USD popular theme can not be compared with a custom theme made by billerickson.net (not an affiliate, just an example). As a personal advice, I always use the Genesis Sample Theme as a template to build any custom solution from scratch.
Plugins – (More plugins == more problems). This is sometimes down to poorly optimized code and lack of updates, and other times they offer more features than we need. A lot of things can be done with just a couple of lines of code, you don’t need a plugin for each thing.
A WordPress site that follows coding best practices and uses high-quality plugins will only get better with every update to WordPress, so there will be no issues when it’s time to update.
Media optimization – Large images not properly resized and compressed cause a large majority of the issues we find. Images and videos are huge when it comes to reducing the website page size and load time.
External scripts – It’s very common you will find unnecessary JS, CSS, and PHP requests added by poorly coded plugins and themes. It has a huge impact on your visitors and also it’s the main cause when WP admin area is slow for logged in users.
Just remember, if you stick to the core elements you will have a website that is faster than 99% of others online. You don’t need to spend all of your time chasing the elusive 100/100 score or an A+ on each tool in order to have a super optimized site.
Officially only supports the latest LTS version of Ubuntu (20.04 and 18.04).
Although official tests are not done, it has been installed successfully in other versions.
We always install the latest stable version of PHP (v7.4) and have the option to install earlier versions (7.2 and 7.3) if needed.
First of all, if isolation is a concern for you, you should know that Webinoly is not a “shared hosting management tool” and it’s not in our plans. You can safely host as many sites as you want in your server with Webinoly and all of them will use the same PHP and NGINX user.
Is it a security risk? Definitely, NO!
It’s very useful and needed in shared-hosting environments, but it doesn’t even make sense in VPS. Unfortunately, some cheap hosting tools and solutions have promoted this as a “Security Feature”.
If you want a site isolated for any reason, you should put it in a different server, in the same way that you need to use a different account in a shared-hosting environment.
Also, WordPress Cache (FastCGI Purge) becomes a nightmare when PHP and NGINX users are different. Native FastCGI-Cache-Purging is a premium feature only included in NGINX Plus (not-free) and we recommend not to trust in solutions or tools that use third-party NGINX modules to offer this feature.
It is not necessary, Webinoly will create a SWAP file automatically when it is not found as part of the optimization process of your server, the size of the SWAP will be determined according to the amount of RAM available.
If for some reason you have modified a configuration file manually and your server has an unwanted behavior, we recommend following these steps:
– Check if there is an “Error” or “Warning” in Webinoly by executing the following command:
sudo webinoly -verify
– Reset server settings:
sudo webinoly -server-reset
You can always check our support forum and ask for help; We will gladly try to help you resolve any situation related to your server and Webinoly.
Although we regret this decision, we would appreciate you letting us know through our support forum the reason for your decision, in this way we can improve the application.
Delete installed packages and websites:
sudo stack -purge-server-all=force. This will completely eliminate all the files, configurations and optimizations made on your server.
Delete the Webinoly application:
sudo webinoly -uninstall
If you want to reinstall Webinoly your previous configuration will be recovered.
You can use the “custom” option when creating your WordPress site
sudo site example.com -wp=custom and then Webinoly will ask for the name of the “host”, by default we use the “localhost” configuration but you can indicate the route to your external database in the format
You can always recover the password for the “root” and “admin” users by running the command
sudo webinoly -dbpass from your command line.
It’s very important that whenever you want to change the password of any of these users, always use the command
sudo webinoly -mysql-password, otherwise Webinoly won’t be able to remember the current password and some commands will not work correctly causing unexpected errors.
For security we configure the access to the different tools on port 22222, for example
http://server.ip:22222/pma, you can choose a different port (0 – 65535) using the command
sudo webinoly -tools-port 65535.
Also, you can choose an existing site/domain in your server to access these tools:
sudo webinoly -tools-site=domain.com, now you can use this domain as follows:
You will need HTTP Auth credentials to access this area, see the next question.
HTTP authentication is used as an extra layer of security to protect access to some administration sections, for example, wp-login or wp-admin and the tools available on port 22222 as mentioned in the previous question.
To configure a user and password for HTTP Auth, read about the HTTPAUTH command in the documentation.
Also, you can add HTTP Auth to any folder or file you want, so you will be asked for your credentials any time you try to access.
People getting “403 Forbidden” or “401 Authorization Required” is caused because they still don’t have access to this area and they need HTTP Authentication credentials. Also, you will get an INFO message if you run the “verify” command saying that “HTTP Auth Credentials were not found”.
The recommended solution is to create “parked” sites with your mapped domain pointing to the main site of your Multisite installation and then create the certificate individually in each domain using the “-root” option to indicate the route to the main domain.
Webinoly does not include any Firewall and does not perform any automatic configuration in this regard. It is always advisable to use your own Firewall service such as UFW, the AWS Security Groups or whatever is available with your provider.
The list of ports and recommended minimum configuration can be found in the installation requirements page.
To enable access to the www-data user, you just have to run the
sudo webinoly -login-www-data=on command. As the owner of this directory on the server established by Nginx we have configured limited access and restricted access only by SFTP, thus eliminating the possibility of accessing the command line and other operating system directories.
In this way we differentiate two types of users: Users with access to the configuration of the server and the user www-data that is usually shared by web developers.
Let’s Encrypt has limits on the number of requests for the same domain and period of time, so we recommend that you be careful when testing and installing certificates.
Make sure your site is available, DNS is propagated and can be seen publicly from your browser before requesting a certificate.
Most infrastructure providers such as AWS and Digital Ocean have limitations for sending emails from their servers or instances as SPAM prevention measures, in addition to taking care of their IP addresses to prevent them from being blocked by other systems.
In most cases, just contact your provider to unlock this service. With Webinoly you have the option to easily configure an external SMTP service for sending emails.
Browsers do not support HTTP/2 without encryption, that is, our site should be running over HTTPS. With Webinoly you can configure an SSL certificate on your site easily and free of charge.
As additional security measures, Webinoly limits the number of requests allowed in certain areas that have proven to be vulnerable to receiving WordPress attacks.
All PHP files in the
/wp-admin/ directory, including the
admin-ajax.php file, in addition to the requests to the
wp-login.php file will be strictly limited.
When a considerable number of simultaneous requests is received per second to any of these files, the access will be blocked, showing the error “403 forbidden”.
We have one of the most secure and smart configurations regarding the handling of HTTP headers sent by the server.
Read the documentation in case you need some custom configuration for the HTTP Header sent by the server.
The Browser Cache configuration is already included for practically all common file extensions, so it is not necessary to use additional plugins or tools for this purpose.
If you have any suggestions, ideas, or comments, or if you (gasp!) found a bug, join us in the support forum.