I moved this site to official WordPress hosting (WP.com) about one year ago. I was using WordPress as my blog system since 2005 by moving away from Movable Type. My first site was setup on a LAMP server, then move to Media Temple Grid hosting, and then move to Linode VPS. After few problem and incident I decide move my site to managed WP with a paid plan.
Some times I receive message of asking comparing VPS hosted WordPress and WP.com, which is not an easy question to answer. I list reason why I move to WP.com and what I lost.
Why I move to WP.com
Security and Updates
Site security is important. And it was the main reason I move to a managed solution. I don’t mean how good the security in WordPress.com, but generally speaking they do security better than most VPS owner.
I work for a major IT company, and have client in Top 500 list. I know there will be risk of put my web server direct to internet. So when I deploy WordPress on my Linode VM, I put my Apache and database in an internal network behind a Haproxy.
The software and proxy run on different VPS connect to private network with Firewalld on. I can only SSH to non-root account with ssh-key, not using password. And also have script for install Linux security update every 2 weeks.
Every thing looks great, but one day in 2017 I see my site was marked with security warning by Google. After check and file scan, several script has been found injected into WordPress plugin and program. The root cause was not found, the best guess was cause by security vulnerabilities in old WordPress version.
I have to complete rebuild those VM, and restore data from backup. But even update WordPress is not a difficult task, I did have experience of failed upgrade, and take me time to fix the problem. This is why I am looking for am managed service, and WP.com is the first option.
HTTPs and Let’s Encrypt ACME
I also using Haproxy for HTTPs offloading, and using Let’s Encrypt as my HTTPs certificate provider. But certificate provided by Let’s Encrypt have short expire date, so I setup auto renewal with ACME for update certificate every few weeks.
However, sometimes the auto renewal failed and causing Haproxy stop working. On the other hand WP.com helps me renew certificate without any problem.
I currently using Premium Plan from WP.com costs me 8.00 USD per month. Compare to VPS plan, cost me 5.00+20.00=25.00 USD per month， save my 204.00 USD each year.
I also using premium theme included in my plan, so I do not need to spend extra cost to buy theme, or safe time for develop by my self. And I don’t need to spend time to maintain those VMs.
There are some limitation of using WP.com. Some of the limitation due to my 8.00 USD Premium Plan, and can be resolved by upgrade to more expensive plan. But other limitation can not work around easily.
Feature and Plugins
My Premium Plan don’t include plugin service. As a SaaS service, there is no more control other than WordPress dashboard panel, any extra feature not include in WordPress must require install a plugin. The cheapest plan with plugin support cost 25.00 USD per month.
Without plugin support some advance feature such as CDN, some show-box, google analytics are also limited.
DNS and Domain Name
WP.com can providing one year free domain name for customer, but the best practice is register your domain name with major domain provider such as godaddy or name.com. I didn’t use free domain name provide by WP.com so I do not know how much I have to pay for next year, and I am not sure WP.com offer private Whois.
By default, WP.com require using their DNS, and WP.com DNS do support most of the DNS record type
- A (see the Setting a Custom A Record page for more info)
- MX (See Add Email Through Other Providers for more info)
But for user have large record list, or do not want to transfer DNS from HE.net or NS1.com, you can create a A record to WP.com ingress IP addresses. I using following IP address provided by WP.com support:
They can be different from your site, ask support for conformation.
SANS in HTTPs Certificate
Certificate issued by WP.com under common name *.wordpress.com. My domain name list as one DNS record in SANs, with other WP.com user’s domain name. I can not have a http certificate with only my domain name in SANs list.
I living in China, and WP.com sometimes blocked in China. Currently I using a workaround for this issue. This only cause problem for people visit my site from China.
Log and Visiter Metadata
On WP.com, I can only see visitor information from Jetpack. If you have plugin support, other traffic analytics service such as Google can be support. But unlike VPS, I can access raw log from Haproxy or Apache web server can and send to ELK on my data platform for archive or analysis.
The only problem for me now is raw access log and no plugin support. I use CDN solve the certificate and access problem. I don’t know is any SaaS provider will provide those access log, but before I see better stable WP managed service, I will stay in WP.com, and perhaps buy the Business Plan.