Frequently Asked Questions


General Interest

Our LEMP Stack

Sotware and Tools

Technical Features and Issues

What kind of hosting should I use? Is Webinoly the right tool for me?

Selecting the right hosting depends on your technical expertise, budget, and performance requirements. You can choose from three main options:

Shared Hosting: Ideal for beginners or entry-level websites.

  • Pros: low cost, simple setup, no server management skills required.
  • Cons: limited resources, less control.
  • Examples: HostGator, BlueHost, SiteGround, GoDaddy.

VPS and Dedicated Servers: Both provide dedicated resources: a VPS gives you a slice of a server; a Dedicated (Bare-Metal / Single tenant) server gives you the entire machine. Service tiers:

  • Managed: This is the quintessential solution used by professionals. Simple, powerful, and easy for most people. For example: Pagely, Pantheon, WP Engine, or Kinsta.
  • Semi-Managed: Typically, people chose small cloud providers like Vultr or Linode in conjunction with services like Runcloud, ServerPilot, or any other similar cloud-based server control panel. It’s the most expensive option and root access is required, so it should never be used in business or corporate environments.
  • Self-Managed: You handle all administration; best for advanced users. You will find people using top-cloud providers like AWS, GCP, or Azure to build scalable, redundant, and more complex solutions. Are you here? Then Webinoly is the right and best tool for you!

Avoid common pitfalls by selecting the appropriate hosting solution for your needs. Not-Technical people should always go with fully managed services (or shared for entry-level).

Can I use Webinoly in my shared hosting plan?

No. Webinoly requires root or sudo access to install and configure system-level packages (Nginx, PHP, MySQL/MariaDB, etc.), and shared hosting environments do not provide that level of control.

Why doesn’t Webinoly include my preferred software package by default?

Webinoly focuses on delivering a secure, enterprise-grade LEMP foundation using only widely tested and trusted open-source components. We keep the core stack lean to ensure:

  • Security and stability: Fewer default packages reduce the attack surface and minimize unpredictable interactions.
  • Predictable maintenance: Limiting dependencies simplifies upgrades and lowers the risk of version conflicts.
  • Enterprise compliance: We source everything from reputable repositories with transparent, auditable code.

Brotli, PageSpeed, Fail2ban, are some of the most requested by the community.

You’re not limited by the defaults—you can install any additional software via your package manager and adjust Webinoly’s configuration as needed. For detailed examples and best practices, see our custom configurations documentation.

What “Enterprise Grade” mean?

Enterprise-grade software is designed to meet the rigorous demands of large organizations, ensuring reliability, security, and seamless integration with existing systems. In our context, “enterprise grade” implies that a package must satisfy all of the following:

  • Proven stability – Long-term support and extensive real-world testing.
  • Comprehensive security – Regular vulnerability audits, patch management, and compliance with industry standards.
  • Transparent sourcing – Publicly auditable code from reputable, well-maintained repositories—avoiding custom builds by hosting vendors that bundle unvetted, low-quality modules to bypass commercial licensing.
  • Predictable maintenance – Clear upgrade paths and minimal dependency conflicts.
  • Seamless integration – Compatibility with corporate infrastructures and automation workflows.

Webinoly’s defaults include only those components that fulfill these enterprise-grade criteria. This lean core guarantees:

  • A smaller attack surface for enhanced security.
  • Simplified upgrades with fewer unexpected failures.
  • Confidence in compliance and auditability.

You can still add any other software via your package manager and adjust Webinoly’s configuration—see our custom configurations documentation for examples.

Is Webinoly only for WordPress? And should I use WordPress for my next project?

Webinoly supports any application that runs on a LEMP stack, with first-class support for WordPress.

Use WordPress when you:

  • Need a mature, battle-tested CMS with a vast ecosystem of plugins, themes, and community resources.
  • Want rapid development of blogs, marketing sites, or standard web apps without extensive custom coding.
  • Value regular security updates, enterprise-grade maintenance, and a low barrier to entry.

Consider alternative frameworks if you:

  • Require bespoke architecture, microservices, or non-PHP stacks (for example, Node.js or Go).
  • Have strict performance, compliance, or security requirements that benefit from a lighter, custom codebase.
  • Plan to leverage modern JavaScript frameworks (React, Angular, Vue) or static-site generators (Gatsby, Hugo).

Regardless of your choice, Webinoly gives you full control over Nginx, PHP, databases, and other system components. You can host Laravel, Node apps, static sites, and more on the same infrastructure—no lock-in.

Why is my WordPress site so slow?

Several common issues can impact your site’s speed. Check each area below:

  • Hosting performance – Underpowered shared plans or unmanaged VPS instances can bottleneck server response times. Review our hosting guide to select the right plan.
  • Theme efficiency – Page builders and off-the-shelf themes often include unnecessary code and assets. Opt for a lightweight, custom-built theme for faster loads.
  • Plugin overhead – Every plugin adds database queries and HTTP requests. Audit your plugins, remove unused or poorly coded ones, and consolidate functionality where possible.
  • Media optimization – Large, uncompressed images and videos drastically increase page weight. Always resize and compress assets before uploading.
  • External scripts – Third-party widgets (ads, analytics, social embeds) introduce extra network calls. Load only essential scripts and defer or asynchronously load the rest.

Focusing on these factors typically delivers the most dramatic speed improvements.

What operating systems does Webinoly support?

Webinoly officially supports the two most recent Ubuntu LTS releases. For full details, see the installation requirements section.

What version of PHP does Webinoly install?

By default, Webinoly install the latest stable version of PHP, it also have the option to install earlier versions if needed.

Note: Use sudo stack -php-ver to see the list of supported versions, it also work with -mysql-ver.

Why does Webinoly have only one PHP user for all sites?

Webinoly runs all PHP and Nginx processes under the single, unprivileged www-data account. This design is not a security risk—in fact, it follows Ubuntu’s and Debian’s own security hardening model for web servers.

  • Eliminates file-ownership and permission conflicts that often arise when multiple Unix users share the same document root.
  • Reduces administrative overhead and misconfiguration vectors by keeping a single, consistent service account.
  • Maintains native FastCGI cache compatibility without complex workarounds or third-party modules.
  • Adheres to upstream defaults that have been rigorously tested and hardened by distribution maintainers.

Myth debunking: per-site Unix users are frequently marketed by low-end hosting control panels as “advanced security features.” On a single-tenant server, they add complexity without stopping an attacker who has gained control of one PHP process—they’ll simply operate under whichever user they’ve compromised. True, kernel-level isolation (containers, VMs, or separate servers) is the only way to enforce OS-level separation.

If you require complete site isolation, deploy each site in its own container, virtual machine, or separate server.

To enable SFTP access for the www-data user, run: sudo webinoly -sftp=on

Why do I sometimes see errors during the installation process?

Installation failures are infrequent but may occur when Webinoly retrieves packages from official upstream repositories. If a repository becomes temporarily unavailable or undergoes an unexpected structural change, the installation process will be interrupted. These errors originate from external sources and do not indicate a defect in Webinoly.

For instance, if the Nginx repository (https://nginx.org/packages/ubuntu/) is inaccessible—due to server maintenance, network connectivity issues, or DNS resolution failures—you will receive an error reporting the inability to fetch from that source. The same applies to any other configured package repository.

A comprehensive list of all upstream repositories is available in the stack documentation for your reference.

Should I create a SWAP file or partition before installing Webinoly?

No. Webinoly automatically detects when no swap space exists and provisions its own swap file during the initial setup. The file is sized proportionally to your server’s RAM to ensure optimal stability and performance. If you already have a swap partition or file in place, Webinoly will detect and preserve it—so there’s no need to configure swap manually.

How can I reset Webinoly settings?

If you have manually altered a configuration file and your server is exhibiting unintended behavior, we recommend proceeding as follows:

  • sudo webinoly -verify to scan your setup for any Errors or Warnings.
  • sudo webinoly -server-reset to reset all Webinoly settings.

How can I add custom Nginx rules or modify other server configurations?

How do I remove Webinoly from my server?

To perform a complete removal:

  • Remove all installed software packages, websites, and optimizations: sudo stack -purge-server-all=force.
  • Uninstall the Webinoly application: sudo webinoly -uninstall

Your previous configuration will be preserved and automatically restored if you reinstall Webinoly later.

How can I use an external database?

When creating a WordPress site with Webinoly, you can point to an external database by using the -wp=custom option and supplying the connection details.

How can I recover or change my MySQL password?

To manage your MySQL credentials, Webinoly provides dedicated commands:

  • Recover current passwords for the root and admin accounts: sudo webinoly -dbpass. This command displays the credentials stored in Webinoly’s configuration.
  • Reset the password for any MySQL user: sudo webinoly -mysql-password. Follow the interactive prompt to enter and confirm a new password. Webinoly will apply the change and update its internal records automatically.

These commands eliminate the need to edit database files manually and ensure that Webinoly always uses the correct credentials.

Where is the phpMyAdmin login page?

The phpMyAdmin interface is secured behind HTTP Auth and exposed on a configurable port. By default, Webinoly assigns port 22222 for all administration tools.

  • Default access: http://<server_ip>:22222/pma
  • Custom port: sudo webinoly -tools-port=<port> (choose any port between 0 and 65535)
  • Domain-based access: sudo webinoly -tools-site=example.com and then go to; https://example.com:<port>/pma

You will be asked for HTTP Auth credentials when accessing this area. For instructions on configuring or recovering these credentials, see the next question in this FAQ.

Why am I prompted for a username and password when accessing certain pages?

Webinoly secures sensitive endpoints—such as /wp-login.php, /wp-admin/, and all tools on the administration port—with HTTP Basic Authentication. When you navigate to these areas, your browser will prompt you for credentials.

These credentials correspond to the HTTP Auth user and password defined on your server. To view or update them, use the Webinoly HTTPAUTH command.

Failing to supply valid credentials will result in a 401 Authorization Required or 403 Forbidden response. For full details and advanced configuration options, see the HTTPAUTH section of the Webinoly documentation.

How can I obtain an SSL certificate for a WordPress Multisite installation that uses domain mapping?

  1. Add each mapped domain as a “parked” site. Make sure the domain’s DNS (A or CNAME) points to your server’s IP.
  2. Generate a Let’s Encrypt certificate for each domain. Specify the main site’s document root with the -root option. Repeat the command for every mapped domain in your network.

How do I configure my Firewall?

Webinoly does not configure firewall rules automatically. You should secure your server by defining explicit rules with your preferred firewall solution (for example, UFW, iptables, firewalld, AWS Security Groups, Azure Network Security Groups, etc.).

At a minimum, allow only the ports that Webinoly and your applications require, see the installation requirements page.

How can I enable a user to upload content via SFTP?

To enable access to the www-data user, you just have to run the sudo webinoly -sftp=on command. As the owner of this directory on the server established by Nginx we have configured limited access and restricted access only by SFTP, thus eliminating the possibility of accessing the command line and other operating system directories.

In this way we differentiate two types of users: Users with access to the configuration of the server and the user www-data that is usually shared by web developers.

Why do I get an error when I try to create an SSL certificate?

Let’s Encrypt has limits on the number of requests for the same domain and period of time, so we recommend that you be careful when testing and installing certificates.

Make sure your site is available, DNS is propagated and can be seen publicly from your browser before requesting a certificate.

Why don’t I receive emails sent by WordPress or my server?

Most infrastructure providers such as AWS and Digital Ocean have limitations for sending emails from their servers or instances as SPAM prevention measures, in addition to taking care of their IP addresses to prevent them from being blocked by other systems.

In most cases, just contact your provider to unlock this service. With Webinoly you have the option to easily configure an external SMTP service for sending emails.

Why HTTP/2 or HTTP/3 does not work on my website?

Browsers do not support HTTP/2 or HTTP/3 without encryption, that is, our site should be running over HTTPS. With Webinoly you can configure an SSL certificate on your site easily and free of charge.

Also, be sure the port 443 (both TCP and UDP) is open in your firewall.

What are the Webinoly’s protected areas?

As additional security measures, Webinoly limits the number of requests allowed in certain areas that have proven to be vulnerable to receiving WordPress attacks.

All PHP files in the /wp-admin/ directory, including the admin-ajax.php file, in addition to the requests to the wp-login.php file will be strictly limited.

When a considerable number of simultaneous requests is received per second to any of these files, the access will be blocked, showing the error “403 forbidden”.

HTTP Headers and Browser Cache?

We have one of the most secure and smart configurations regarding the handling of HTTP headers sent by the server.

Read the documentation in case you need some custom configuration for the HTTP Header sent by the server.

The Browser Cache configuration is already included for practically all common file extensions, so it is not necessary to use additional plugins or tools for this purpose.

Why some files and extensions are blocked by Webinoly and cannot be accessed or downloaded?

Yes, this is a security feature!

Some common extensions for backups, compressed (tar, rar, etc.), executable (exe, msi, etc.), and data (log, sql, conf, etc.) files, all of them are blocked by default.

For example, for unknown reasons, “Matomo WordPress Plugin” uses the node_modules folder, which is obviously blocked by default in Webinoly.

You can change these settings in the Webinoly Configuration file.

Why Bash is required/recommended as interactive shell when Webinoly is used?

In short, Webinoly is developed and documented using Bash and some kind of commands will not work as expected if entered in a different shell, sudo site example.com -proxy=[localhost:8082], for instance. It will fail in ZSH.

You should note that “interactive shell”, is not the same as “login shell”.

As you can see, a lot of examples shown in our documentation will not work. and users can be easily get confused. For advanced users we have an option to disable this shell check, in Webinoly configuration file set: shell-check:false.


If you have any questions, suggestions, ideas, or comments, or if you (gasp!) found a bug, join us in the Discussions Area.