Frequently Asked Questions

General Interest

Our LEMP Stack

Sotware and Tools

Technical Features and Issues

What kind of hosting should I use? Is Webinoly the right tool for me?

Shared Hosting – Most people and agencies use shared services by default to host entry-level websites. Simple, cheap, and enough in most cases! (No technical knowledge required) Some examples are HostGator, BlueHost, Siteground and GoDaddy, just to mention a few.

VPS and Dedicated server – In both cases you have dedicated resources, in VPS you have a portion of a server and in dedicated, also known as Bare Metal or Single-Tenant server, you have a complete server for you. Typically, you will find it in three different levels of service: Managed, Semi-Managed or Self-Managed.

  • Managed Services – This is the quintessential solution used by professionals. Simple, powerful, and easy for most people. Like Pagely, Pantheon, WP Engine, Kinsta, or Cloudways.
  • Semi-Managed – Most of the companies offering this kind of services are focused on bringing tools and high-level support and help-desk experience. In some cases, you can bring your own server from a cloud provider. Typically, people chose small cloud providers like Vultr or Linode in conjunction with services like Runcloud, ServerPilot, or any other similar cloud-based server control panel. It’s the most expensive option, also sharing root access is needed, so it should never be used in business or enterprise environments. Most of the times is only used by beginners looking for support.
  • Self-Managed – You need high-level technical skills, you are responsible for everything. You will find people using top-cloud providers like AWS, GCP, or Azure to build scalable, redundant, and more complex solutions. Also, this is the cheapest option in terms of money, you only pay for what you use (AWS EC2 t3a.nano reserved instance in USA-East is only $1.46usd per month). Are you here? Then Webinoly is the right and best tool for you!

As a personal advice, most complaints and unsatisfied people at any of these service levels come from people not choosing the right type of hosting or by having wrong expectations.

* Please, don’t be that guy in a Facebook Group very upset and complaining because his “big and very important” site is down and the AWS support team is not helping him, without mentioning how much is paying because he doesn’t even understand the AWS billing system.

Not-Technical people should always go with fully managed services (or shared for entry-level). If you or your project need some more specialized things, you should consider hiring a professional instead of just blaming the guy behind the support chat for your lack of skills. Professional projects require professional people and teams.

Read: Why is my WordPress site so slow?

If you have all the technical skills or you are willing to learn and the time is not a problem, you can always choose the Self-Managed way to unleash all the potential and build the infrastructure of your dreams, Webinoly will always be there for you as your best ally!

Can I use Webinoly in my shared hosting plan?

No, such hosting plans do not allow access with sudo privileges required to install and make adjustments to the operating system.

Why doesn’t Webinoly include that software package that I want so much?

We know that each user has very particular needs and they find packages that they consider essential on every server.

Brotli, PageSpeed, Fail2ban, are some of the most requested by the community.

We regret to say that the inclusion of such packages is beyond the scope of this project and it is the responsibility of each user to include any other tool they deem necessary. In addition to the trust and commitment with our users to only include software from reliable sources and widely known and accepted for use in the most demanding business and corporate level environments.

Webinoly offers you a base with the essential packages, your imagination is the limit to add and build your perfect solution.

What “Enterprise Grade” means when you say that some software can not be included?

Early-adopters segment of users is always eager to have the latest software and technology installed in their servers and that’s awesome. The problem is when you start working in corporate or government environments, you will see they have very strict requirements about the software they can use in their machines and servers, highly proven mature software from very well-known trusted sources.

Another point is that we use Open Source software only, which means that every line of code is publicly available, we are always publishing what sources we use in order that you can always see what exactly is installed in your server. We use only public software packages from very well-known sources.

It’s very common that you find some people and hosting companies using their own “Nginx” packages compiled by themself for “better performance” or some “premium features”. The thing is that in most cases they are not making public all these lines of code they are adding even when it’s supposed to be open-source. Take my advice and always ask for details in this matter, there are no valid reasons to hide these things. Most of the times are not for malicious software (but who knows!), is just that they are using a bunch of low-quality modules they found for free to not pay for commercial versions (unethical?).

I know that most of the regular users don’t care about these things, but as I said before, corporate users have very strict requirements. There is no margin to trade with ethics and security! Also, I’m happy to see that in these times with e-business growing exponentially, more people are adopting these best-practices every day.

Whatever hosting service you use, you should always know what exactly is installed in your server.

Is Webinoly only for WordPress? And should I use WordPress for my next project?

WordPress is great, almost 40% of the Internet runs on WP, it’s amazing what this tool has achieved to make the web affordable and within the reach of everyone.

That not means that is the perfect choice for every project, and of course, such a big segment of users comes with its own downsides, especially with a community mostly conformed by highly enthusiastic people with no formal training in software engineering topics. Even amongst the most well-known and reputable brands in the WordPress ecosystem is hard to find quality products for plugins and themes. This is perfect for most of the common web projects, but it becomes a problem when you want to build complex solutions with enterprise requirements.

And don’t take me wrong, that just means that you should be extra careful when choosing the right tools to work on a WP project.

In Webinoly you can easily run any other tool according to your needs on our LEMP stack to host your app or website like: Laravel, Node, Angular, React, Vue, Joomla, Drupal, Magento, Gatsby, Hugo, Typo3, etc.

Why is my WordPress site so slow?

Even though Webinoly is used mainly by highly skilled people, we are aware that an important segment of beginner users are using this tool to host small WP projects and ¡That’s awesome!

Web hosting – Choosing the right web hosting might be not a trivial decision.

  • Read: What kind of hosting should I use?
  • You should know that a lot of reviews you read out there in web communities, forums, and pages are paid, partialized, or written by one of those “experts” you find on every internet corner.
  • Top-notch support and help desk service (people) are not synonymous with good hosting (server).
  • Load test results can be difficult to interpret and perform correctly. You shouldn’t blindly trust these kind of reviews.
  • Semi-Managed hosting is aimed at novice VPS users. You can have serious security implications by sharing your server’s root access with these services.
  • My recommendation is to always choose fully managed or self-managed solutions and always using globally recognized providers.

Before choosing a more complex hosting, you should start by optimizing your WordPress theme, code, and plugins. You will be surprised with the results!

Themes – WordPress theme builders (divi, elementor, beaver, oxygen, etc) are great for entry-level projects, but the result is usually poor and heavy at code level. Professional projects should always go with your own and custom theme created and optimized by an expert developer for optimal performance.

That’s why a $100 USD popular theme can not be compared with a custom theme made by billerickson.net (not an affiliate, just an example).

Plugins – (More plugins == more problems). This is sometimes down to poorly optimized code and lack of updates, and other times they offer more features than we need. A lot of things can be done with just a couple of lines of code, you don’t need a plugin for each thing.

A WordPress site that follows coding best practices and uses high-quality plugins will only get better with every update to WordPress, so there will be no issues when it’s time to update.

Media optimization – Large images not properly resized and compressed cause a large majority of the issues we find. Images and videos are huge when it comes to reducing the website page size and load time.

External scripts – It’s very common you will find unnecessary JS, CSS, and PHP requests added by poorly coded plugins and themes. It has a huge impact on your visitors and also it’s the main cause when WP admin area is slow for logged in users.

Just remember, if you stick to the core elements you will have a website that is faster than 99% of others online. You don’t need to spend all of your time chasing the elusive 100/100 score or an A+ on each tool in order to have a super optimized site.

What operating systems are supported by Webinoly?

Officially only supports the latest LTS version of Ubuntu (24.04 and 22.04).

What version of PHP does Webinoly install?

We always install the latest stable version of PHP (8.4) and have the option to install earlier versions (8.3, 8.2, 8.1, 8.0 or 7.4) if needed.

Why does Webinoly have only one PHP user for all sites?

First of all, if isolation is a concern for you, you should know that Webinoly is not a “shared hosting management tool” and it’s not in our plans. You can safely host as many sites as you want in your server with Webinoly and all of them will use the same “www-data” PHP and NGINX user.

Is it a security risk? Definitely, NO!

Actually, we have an option to enable www-data for SFTP access, this way users can easily upload files to any site.

Having multiple users can be useful and needed in shared-hosting environments, but it doesn’t even make sense in VPS. Unfortunately, some cheap hosting tools and solutions have promoted this as a “Security Feature”.

If you want a site isolated for any reason, you should put it in a different server, in the same way that you need to use a different account in a shared-hosting environment.

Also, WordPress Cache (FastCGI Purge) becomes a nightmare when PHP and NGINX users are different. Native FastCGI-Cache-Purging is a premium feature only included in NGINX Plus (not-free) and we recommend not to trust in solutions or tools that use third-party NGINX modules to offer this feature.

Why do I sometimes see some errors during the installation process?

First of all, it’s very rare, but it has happened.

Webinoly is just a very smart script that installs external packages, like Nginx, PHP, etc. and sometimes these external sources just fail. These packages are not contained in Webinoly, they are just installed from their official repositories, that means that if some of these repos fail, because even the biggest and most reputable names fail from time to time, then you will see some errors because Webinoly can not install one of these packages and there’s nothing we can do, that’s totally out of our hands.

For example, Nginx is installed from the official source – https://nginx.org/packages/ubuntu/ – if this server is down or having issues, or your network is having problems connecting with this server, etc. Then you will see an error! The same for any other package installed and managed by Webinoly.

You can see all the sources for each package in our stack documentation.

Should I create a SWAP file or partition before installing Webinoly?

It is not necessary, Webinoly will create a SWAP file automatically when it is not found as part of the optimization process of your server, the size of the SWAP will be determined according to the amount of RAM available.

How can I reset Webinoly settings?

If for some reason you have modified a configuration file manually and your server has an unwanted behavior, we recommend following these steps:

– Check if there is an “Error” or “Warning” in Webinoly by executing the following command: sudo webinoly -verify
– Reset server settings: sudo webinoly -server-reset

You can always check our Discussion Area and ask for help; We will gladly try to help you resolve any situation related to your server and Webinoly.

How can I add my own Nginx rules or modify any other server configuration?

How do I remove Webinoly from my server?

Although we regret this decision, we would appreciate you letting us know through our Community Forum the reason for your decision, in this way we can improve the application.

Delete installed packages and websites: sudo stack -purge-server-all=force. This will completely eliminate all the files, configurations and optimizations made on your server.

Delete the Webinoly application: sudo webinoly -uninstall

If you want to reinstall Webinoly your previous configuration will be recovered.

How can I use an external database?

You can use the “custom” option when creating your WordPress site sudo site example.com -wp=custom and then Webinoly will ask for the name of the “host”, by default we use the “localhost” configuration but you can indicate the route to your external database in the format example.com:port.

How can I recover/change my MySQL password?

You can always recover the password for the “root” and “admin” users by running the command sudo webinoly -dbpass from your command line.

It’s very important that whenever you want to change the password of any of these users, always use the command sudo webinoly -mysql-password, otherwise Webinoly won’t be able to remember the current password and some commands will not work correctly causing unexpected errors.

Where is the phpMyAdmin login page?

For security we configure the access to the different tools on port 22222, for example http://server.ip:22222/pma, you can choose a different port (0 – 65535) using the command sudo webinoly -tools-port 65535.

Also, you can choose an existing site/domain in your server to access these tools: sudo webinoly -tools-site=domain.com, now you can use this domain as follows: https://domain.com:22222/pma.

You will need HTTP Auth credentials to access this area, see the next question.

I was asked for user and password to access a page, what are these data?

HTTP authentication is used as an extra layer of security to protect access to some administration sections, for example, wp-login or wp-admin and the tools available on port 22222 as mentioned in the previous question.

To configure a user and password for HTTP Auth, read about the HTTPAUTH command in the documentation.

Also, you can add HTTP Auth to any folder or file you want, so you will be asked for your credentials any time you try to access.

People getting “403 Forbidden” or “401 Authorization Required” is caused because they still don’t have access to this area and they need HTTP Authentication credentials. Also, you will get an INFO message if you run the “verify” command saying that “HTTP Auth Credentials were not found”.

How can I create an SSL certificate for a WordPress Multisite site with Domain Mapping?

The recommended solution is to create “parked” sites with your mapped domain pointing to the main site of your Multisite installation and then create the certificate individually in each domain using the “-root” option to indicate the route to the main domain.

How do I configure my Firewall?

Webinoly does not include any Firewall and does not perform any automatic configuration in this regard. It is always advisable to use your own Firewall service such as UFW, the AWS Security Groups or whatever is available with your provider.

The list of ports and recommended minimum configuration can be found in the installation requirements page.

How can I enable a user to upload content via SFTP?

To enable access to the www-data user, you just have to run the sudo webinoly -sftp=on command. As the owner of this directory on the server established by Nginx we have configured limited access and restricted access only by SFTP, thus eliminating the possibility of accessing the command line and other operating system directories.

In this way we differentiate two types of users: Users with access to the configuration of the server and the user www-data that is usually shared by web developers.

Why do I get an error when I try to create an SSL certificate?

Let’s Encrypt has limits on the number of requests for the same domain and period of time, so we recommend that you be careful when testing and installing certificates.

Make sure your site is available, DNS is propagated and can be seen publicly from your browser before requesting a certificate.

Why don’t I receive emails sent by WordPress or my server?

Most infrastructure providers such as AWS and Digital Ocean have limitations for sending emails from their servers or instances as SPAM prevention measures, in addition to taking care of their IP addresses to prevent them from being blocked by other systems.

In most cases, just contact your provider to unlock this service. With Webinoly you have the option to easily configure an external SMTP service for sending emails.

Why HTTP/2 or HTTP/3 does not work on my website?

Browsers do not support HTTP/2 or HTTP/3 without encryption, that is, our site should be running over HTTPS. With Webinoly you can configure an SSL certificate on your site easily and free of charge.

Also, be sure the port 443 (both TCP and UDP) is open in your firewall.

What are the Webinoly’s protected areas?

As additional security measures, Webinoly limits the number of requests allowed in certain areas that have proven to be vulnerable to receiving WordPress attacks.

All PHP files in the /wp-admin/ directory, including the admin-ajax.php file, in addition to the requests to the wp-login.php file will be strictly limited.

When a considerable number of simultaneous requests is received per second to any of these files, the access will be blocked, showing the error “403 forbidden”.

HTTP Headers and Browser Cache?

We have one of the most secure and smart configurations regarding the handling of HTTP headers sent by the server.

Read the documentation in case you need some custom configuration for the HTTP Header sent by the server.

The Browser Cache configuration is already included for practically all common file extensions, so it is not necessary to use additional plugins or tools for this purpose.

Why some files and extensions are blocked by Webinoly and cannot be accessed or downloaded?

Yes, this is a security feature!

Some common extensions for backups, compressed (tar, rar, etc.), executable (exe, msi, etc.), and data (log, sql, conf, etc.) files, all of them are blocked by default.

For example, for unknown reasons, “Matomo WordPress Plugin” uses the node_modules folder, which is obviously blocked by default in Webinoly.

You can change these settings in the Webinoly Configuration file.

Why Bash is required/recommended as interactive shell when Webinoly is used?

In short, Webinoly is developed and documented using Bash and some kind of commands will not work as expected if entered in a different shell, sudo site example.com -proxy=[localhost:8082], for instance. It will fail in ZSH.

You should note that “interactive shell”, is not the same as “login shell”.

As you can see, a lot of examples shown in our documentation will not work. and users can be easily get confused. For advanced users we have an option to disable this shell check, in Webinoly configuration file set: shell-check:false.

If you have any questions, suggestions, ideas, or comments, or if you (gasp!) found a bug, join us in the Discussions Area.