Short answer: Managed WordPress hosting means the provider runs the server stack for you – updates, security, backups, performance tuning, support. Unmanaged hosting (usually a VPS or dedicated server) gives you a bare Linux box and root access; you do the rest. Managed costs more per month but saves dozens of hours and removes most of the security risk. Unmanaged is cheaper in dollars but only makes sense if you have the time and Linux skills to operate a server safely.
Managed vs unmanaged at a glance#
| Managed WordPress hosting | Unmanaged hosting (VPS) | |
|---|---|---|
| Server admin | Provider handles it | You handle it |
| WordPress updates | Automated, tested | You run them |
| Security patches | Applied by provider | You patch the OS, web server, PHP, MySQL |
| Backups | Daily, automated | You configure and verify them |
| Performance tuning | Pre-tuned for WordPress | You tune nginx, PHP-FPM, MySQL, caching |
| SSL | Automatic | You install certbot and renew |
| Support | WordPress-aware | Generic Linux support, often paid extra |
| Cost | $10-100/mo typical | $5-50/mo for the box, plus your time |
| Best for | Site owners, freelancers, agencies, businesses | Developers and sysadmins who want full control |
| Worst for | Anyone who needs root-level OS customization | Anyone who does not know how to harden a Linux server |
Do you need hosting for WordPress at all?#
Yes – WordPress is software, not a service. It needs a server somewhere with PHP, MySQL, and a web server (nginx or Apache) installed and configured. There is a separate product called WordPress.com that hosts a managed version of WordPress for you, but it is a different platform with different limitations. When most people say “WordPress” they mean WordPress.org – the open-source software you download and install on your own hosting account.
Without hosting, you have no server to install WordPress on, no public IP address, no domain that resolves anywhere, and no way to serve pages to visitors. Hosting is not optional. The question is what kind of hosting fits your situation – and that is exactly the managed vs unmanaged decision.
If you are still figuring out the broader hosting categories before drilling into managed vs unmanaged, what is shared hosting and how does it work and VPS vs shared hosting cover the foundations.
What managed WordPress hosting actually includes#
The word “managed” gets thrown around loosely. Different providers include different things under the same label, so the practical question is what specifically the provider takes off your plate. The honest list across the better managed WordPress hosts:
Server operations
The provider keeps the operating system patched, the web server (nginx or Apache) configured and running, PHP updated to supported versions, MySQL or MariaDB tuned for WordPress workloads, and the firewall rules in place. You do not log into the server to run
dnf update
or restart services. If a kernel CVE drops on a Tuesday, the provider patches the fleet that night.
WordPress-specific updates
Managed hosts apply WordPress core security releases automatically, usually within hours of release. Most apply minor releases automatically too, with major releases configurable per site. Plugin and theme auto-updates are typically opt-in per site – the provider gives you the toggle, you decide which sites get them. The full mechanics are in WordPress automatic updates: how to enable, disable, and control them.
Backups
Daily site and database backups are standard. Better providers store them off the production server (separate backup infrastructure or cloud storage) and let you restore individual files or full sites from a control panel. Retention varies – 7 to 30 days is typical. The point of “managed backups” is that they happen whether you remember or not, and you can prove they exist by restoring one.
Performance tuning
Managed WordPress hosting comes with the stack already configured for WordPress workloads: opcode caching enabled, object cache (Redis or Memcached) configured, page cache at the server or edge layer, MySQL query cache tuned, PHP-FPM worker pools sized for WordPress’s request pattern. You do not touch any of this. On unmanaged hosting, you do.
Security layers
Bot protection at the edge, brute-force protection on
wp-login.php
, malware scanning, SSL certificate provisioning and renewal, and WordPress-specific WAF rules. These exist on shared and managed hosting because the provider runs them once and applies them across all customers. On a self-managed VPS, you install and maintain each piece yourself – and forgetting any one of them is how sites get compromised. Is WordPress secure and how to harden it breaks down which layers actually matter.
Support
Managed WordPress support staff have seen WordPress problems before. “Why is my admin slow after the last update?” gets a useful answer rather than a “please contact your developer” deflection. The depth varies by provider, but the floor is meaningfully higher than generic VPS support.
What unmanaged WordPress hosting means#
Unmanaged hosting almost always means a VPS – a virtual machine from a cloud provider like DigitalOcean, Linode, Hetzner, Vultr, or AWS Lightsail. You get an IP address, root SSH access, and a clean operating system. Everything else is your job:
- Installing nginx or Apache and configuring vhosts
- Installing PHP, picking the version, installing the extensions WordPress needs
- Installing MySQL or MariaDB, creating the database, creating a database user
- Installing WordPress (download, extract, configure
wp-config.php) - Setting up SSL with certbot or another ACME client and configuring renewal
- Configuring a firewall (firewalld, ufw, or iptables)
- Setting up backups – cron job, off-site copy, retention, restore testing
- Installing and configuring fail2ban or equivalent for SSH and web brute-force protection
- Configuring SMTP for outbound email so password resets and notifications work
- Monitoring disk, CPU, memory, and uptime – and being on call when any of those go bad
- Patching the OS, the web server, PHP, MySQL, and WordPress on an ongoing basis
This is doable. People do it every day. The required reading is the wp-config.php settings reference and WordPress hosting requirements so you know what WordPress actually needs from the stack you are about to build.
What unmanaged hosting is not: shared hosting where the provider does not give you a control panel. Shared hosting is managed – poorly or well, but managed. The “unmanaged” label specifically means a VPS or dedicated server where the provider hands you root and walks away.
The hidden costs of unmanaged#
The dollar cost of an unmanaged VPS looks compelling. A $5/month DigitalOcean droplet versus a $30/month managed WordPress plan looks like a 6x markup. The math changes when you include the parts you do not see on the invoice.
Your time
A reasonable initial server setup for one WordPress site – install the LAMP/LEMP stack, install WordPress, configure SSL, set up backups, harden SSH and the firewall – is 4 to 8 hours of focused work the first time. After that, ongoing operational time is a few hours a month minimum: applying patches, checking that backups are still running, watching disk usage, dealing with the inevitable failed update or expired certificate. Multiply by the number of sites you run.
If your time is worth $50/hour, 6 hours a month of server admin work is $300/month of opportunity cost – which dwarfs any per-month savings from running unmanaged. If you enjoy server administration and are good at it, the calculation is different. Most site owners are not in that bucket.
Downtime risk
A managed host has a team monitoring the fleet, an on-call rotation, alerting on infrastructure issues, and (usually) an SLA with credits attached. On an unmanaged VPS, you are that team. If your server reboots into single-user mode at 2 AM because a kernel update went sideways, the only person fixing it is you.
This is fine for a portfolio site that nobody notices is down for 6 hours. It is not fine for an ecommerce site doing $500/hour in revenue. Calculate downtime cost the same way you would calculate any insurance decision: probability times impact.
Security breaches
The single biggest hidden cost of unmanaged hosting is what happens when the server gets compromised. Forgotten patches, weak SSH config, an unmaintained WordPress install, a vulnerable plugin – any of these can lead to a server-level breach where the attacker pivots from WordPress into the OS itself. At that point, “fix it” usually means rebuild from scratch and restore from backup (assuming the backups are clean).
The Hostney bot protection layer, malware scanner, and per-account container isolation exist because shared infrastructure has to assume hostile traffic. An unmanaged VPS has none of that unless you install and maintain it yourself.
Where managed wins#
- You run a website, not a server. Your value is in the content, the design, or the business behind the site. Spending hours on server config is hours not spent on the actual product.
- You manage multiple client sites. Agencies and freelancers running 10 to 100 sites cannot afford to operate 10 to 100 servers. Managed WordPress hosting is the only sane economic model at that scale – see WordPress maintenance plans for how this changes the agency math.
- Downtime costs you money. Ecommerce, lead-generation sites, anything with active conversions running. The premium for managed hosting is small relative to the cost of a single bad outage.
- You are not a Linux sysadmin. This is not an insult. Linux server administration is a real skill. If you do not already have it, hiring a managed host is buying that skill at retail.
- You want backups and security to be the provider’s problem. Both of these get neglected on self-managed servers more often than people admit. Managed hosting makes them part of the platform.
Where unmanaged makes sense#
- You are a developer or sysadmin and prefer full control. You want to pick your own kernel, configure nginx exactly your way, run a non-standard PHP build, or experiment with caching architecture. A VPS gives you that. A managed host (mostly) does not.
- You have unusual stack requirements. Custom binaries, niche PHP extensions, container orchestration the host does not support, a database other than MySQL/MariaDB. If your needs do not fit the managed mold, you need the unmanaged mold.
- You are running infrastructure as a learning exercise. Operating a server is a useful skill. Doing it on a low-stakes side project is one of the best ways to build it.
- You are at a scale where the math flips. Once you are running enough WordPress sites, building your own infrastructure starts to look reasonable. That number is higher than most people think – usually past the point where you are running a small hosting company yourself.
Managed should not mean locked-down#
The traditional knock against managed WordPress hosting is that you trade control for convenience. Older managed WP platforms restricted SSH, blocked WP-CLI, refused to expose nginx config, and made every “advanced” task a support ticket. That model was a real tradeoff and a fair complaint.
Modern managed hosting does not have to work that way. The good managed platforms expose the operational surface you actually need:
- SSH and SFTP access for editing files, running scripts, and moving things around without going through a web file manager
- WP-CLI for the standard WordPress administration tasks (plugin management, search-replace, user creation, database tasks)
- Real nginx and PHP-FPM access through the control panel – including PHP version selection per site, ini variables you can change, custom configuration where it matters
- Direct MySQL access with phpMyAdmin and external user provisioning, for when you need to connect from a desktop client or a CI pipeline
- Git integration for application deploys
- Per-site PHP versions so a legacy site on PHP 7.4 can coexist with a modern site on PHP 8.3 without juggling separate servers
If your managed host blocks you out of all of these, you are paying for managed hosting and getting hosted SaaS – which is a different product. Look for managed providers that frame the platform as a layer on top of a real Linux stack, not a walled garden built around it.
Common mistakes#
- Buying unmanaged because it looks cheap, then never patching. A $5 VPS that has not been updated in 18 months is a security incident waiting to happen. The cheap price is only cheap if you actually do the operational work.
- Buying managed because someone said “managed is better,” then complaining about the lack of control. Managed has tradeoffs. If you specifically need to install custom OS packages, run a specialized PHP build, or rewrite the nginx config, you wanted unmanaged.
- Treating “managed” as a guarantee of perfection. Even on managed hosting, you are still responsible for plugin and theme choices, content security, user account hygiene, and backup verification. The host manages the server, not your decisions inside WordPress.
- Comparing on price without including time. A $5 unmanaged VPS plus 8 hours a month of your time is not cheaper than a $30 managed plan unless your time is worth less than $3/hour. Most people’s time is not worth less than $3/hour.
- Confusing “shared hosting” with “managed WordPress.” They overlap but are not the same. Shared hosting is one server hosting many accounts; managed WordPress hosting is a stack tuned and operated specifically for WordPress, which can run on shared, container-based, or VPS infrastructure underneath. Cloud WordPress hosting explained covers the underlying architecture variants.
How Hostney handles this#
Hostney is managed WordPress hosting that does not lock you out of the underlying stack. The provider side – container isolation per account, malware detection, behavioral bot protection, edge caching, automated SSL, daily snapshot backups, HTTP/3, automated WordPress updates – runs in the background. The control panel exposes the operational surface you actually need: SSH and SFTP, WP-CLI through the terminal, per-site PHP version selection from PHP 5.6 through 8.5, real PHP-FPM ini variables you can change, MySQL access with external users for desktop clients and CI, Git deploys, cron jobs, DNS management, and configurable nginx caching and rate limiting per domain.
The Ellie AI assistant handles the routine “how do I do X” tasks (creating subdomains, adding databases, switching PHP versions) so you stay out of documentation when you just want a thing done. WordPress staging gives you a safe copy of a live site for testing changes before they hit production.
The framing: managed should mean the operations are taken care of, not that the platform is taken away from you. If you want a VPS-grade level of control over how your sites run, with managed-grade infrastructure underneath, that is the slot Hostney sits in.
Summary#
Managed WordPress hosting handles the server so you handle the website. Unmanaged hosting hands you a Linux box and the responsibility that comes with it. Most site owners, freelancers, and businesses are better served by managed – the time savings and the avoided security risk pay for the price difference quickly. Unmanaged makes sense for developers and sysadmins who specifically want full control or have unusual requirements. The middle ground – managed hosting that exposes a real operational surface – exists, and that is the version worth looking for.