Why WordPress Website Owners Shouldn’t Mourn the Demise of Hosting Control Panels

For years site owners have been trained that the main interface for their site is their hosting control panel.

A lot has changed, however, since John Nick Koston invented the cPanel.

For the serious site owner who uses WordPress, a hosting control panel is the last thing you want on your production site.

The Basics of Hosting Control Panels

A hosting control panel is a computer program that allows a user to interface with the intricacies of Unix, Linux, or Windows in a nice, easy-to-use graphical interface.

The original hosting control panel evolved to be what we now see branded as cPanel, but there are others including Plesk and WHM.

Typical uses for a hosting control panel include:

  • Domain management
  • Name server management
  • Email account management
  • File management
  • File editing
  • Database management.

A traditional hosting control panel’s functionality and architecture are all predicated on one thing: that all these services are sitting on one server, circa 2000.

The world has moved on quite a bit since then, however.

Which provides the perfect jumping off point for explaining the hosting control panel’s demise.

“The Cloud” and cPanel’s Demise

We’ve been real clear at Synthesis that we don’t like the term “cloud.” In this case, however, it is a good term for lumping together providers who’ve evolved in the industry.

Ten years ago, people actually did run email, DNS, file storage, and more … all from the same server. There were a multitude of reasons why, but the primary reason was that the market did not offer any alternatives at a price point that the average site owner could afford.

This has changed significantly.

Now, every major vendor is chasing customers with a “cloud” offering that seeks to deliver enterprise-level services at commodity pricing.

Thus, the thought of managing your own email server and configuring SPAM software when you can have Google do this for you at $5 a month isn’t even worth discussing.

File storage has been revolutionized by providers like Amazon’s S3, Mark Cuban’s FilesAnywhere, and DropBox.

Distributed, secure DNS through providers like DynDNS, Amazon’s Route 53, and GoDaddy are enterprise-class on a small business budget.

There is no question as to whether you should be considering cloud-based services for core infrastructure as opposed to putting all your eggs in one basket trying to run this off of your own dedicated or virtual private server.

The question is: With all of these services not being on your server, what would you actually use a web hosting control panel for?

WP-admin … The New Control Panel

If you’re a content publisher, you gravitate to where content is published. For WordPress users, that is the wp-admin dashboard.

But contrary to the ill-conceived (and thankfully fading) notion that WordPress is just a blogging engine, the WordPress dashboard allows site owners to manage darn near everything they need to on a day-to-day basis.

  • Landing pages and membership programs can be managed from WordPress with software like Premise.
  • Email campaigns can be managed with programs like AWeber.
  • Backups can be managed through CodeGuard and BackupBuddy.
  • Traffic analysis can be managed through Google Analytics.

And on and on.

The inefficient use of time lingers on as one of the most avoidable extra true costs of running a WordPress website. Toggling back and forth unnecessarily from hosting control panel to WordPress control panel, a.k.a. the dashboard, is just another way to waste time and drive up true costs.

The 2 Tools You Need Outside Of WP-admin

Granted, you can’t do everything from your WordPress dashboard. There are some site elements best handled elsewhere.

Ironically, a cPanel isn’t the right place for these either.

The two site elements I am referring to are file management and database access.

File Management

Yes, you can use the theme editor in WP-admin to tweak your theme, or even plugins, but this is a really dumb idea that becomes apparent when you make a mistake.

For example, if you botch your functions.php file using the WP-admin editor, you kill your site. This, in turn, kills your access to the editor, which you need to fix it. Don’t let this happen to you!

Invest in a good FTP program such as Coda or CyberDuck that supports SFTP.

Also, invest in a good text editor like TextWrangler that won’t introduce any odd line breaks or characters into your theme files. With a text editor you can also easily and quickly undo any changes to revert back to a working copy of the file.

Database Access

You can also use a plugin to get at your MySQL databases. However, from a security perspective, enabling PHPMyAdmin inside of WordPress is not a good idea.

Then you might think, well this is what I need my hosting control panel for!


Control panels simply launch PHPMyAdmin, which is your primary access to MySQL. There is no need to have one piece of software launch another when you can just simply bookmark the PHPMyAdmin URL.

Also, if you use PHPMyAdmin for backups and migrations, plugins like BackupBuddy are a much better choice.

And if you really need to take WP-admin to the next level, services like ManageWP do exactly that.

Technological Pitfalls Of Hosting Control Panels

Since we’ve covered all of the logic behind the demise of hosting control panels, let’s get into the details of their technical flaws.

Software Bloat

Linux installations with control panels assume that you are potentially going to run just about everything under the sun. You can can see this by looking at the number of processes running on the box.

WordPress doesn’t need TomCat, a mail daemon, DNS server, or half of the Apache modules these configurations load by default.

It’s like buying your Windows computer from an obnoxious OEM who installs all of these “light” versions of software on your computer that you never can seem to get to go away so they will stop prompting you to upgrade to the full version.

From a software bloat perspective, the quickest way to get your Linux installation looking like an OEM version of Windows is to purchase a VPS with a default install of Linux predicated on a control panel.

The Apache Assumption

Most control panels provide support for Apache. But if you haven’t gotten the memo, the WordPress world has moved on to more efficient web servers like NGINX.

Even if you are using Apache, you’ll probably want to have NGINX, Varnish, or some other sort of reverse proxy in front of your site.

And there really isn’t a good control panel that supports these technologies or configurations.

A Little Too Cozy With LAMP

LAMP stands for Linux, Apache, MySQL, and PHP. This is the core stack that WordPress needs to run.

Most control panel implementations have their hooks in many (if not all) of these technologies. This is what causes all kinds of anomalies in WordPress, like permissions mismatches (driven by panel nonsense) that cause WordPress to ask for FTP credentials when adding plugins.

More Security Holes and Software To Update

When most site owners are asked, “Is your WordPress up to date?” they know the answer immediately.

However, when asked if their cPanel is up to date they really don’t have a clue. Not having an answer to this one question can open your site up to security vulnerabilities.

Moreover, since many control panels get cozy with core LAMP software, these updates might break updates you’ve made to Apache, MySQL, or PHP.

So Do I Have To Learn To Use BASH?

At this point in the article you must be wondering what you should do when looking for a hosting provider for your WordPress site.

If you shouldn’t use a control panel, does this mean you are going to have to learn shell commands in Linux?

First, understand that between a good FTP client and WP-admin, you should be able to do 95% of what you need to do.

Second, hosting companies that push control panels do so to in order to lower support costs.

A good WordPress hosting company will have impeccable customer service that can help you with WordPress or anything that might fall in that 5% that requires a control panel.

Last, not featuring a control panel does not mean that a hosting provider can’t offer you a good customer portal.

So long as the customer portal provides functionality that allows you to get into billing, manage payment methods, and even access other cloud services via Internet APIs, you have access to everything you need without being bogged down by so many things you don’t.


  1. Great view into bloatware on the server.. I Never thought of that that way for my flagship site. Glad I switched to WebSynthesis!

    • Jerod Morris :

      Thanks Matt! And we’re happy to have you.

    • Matt, I just went out and randomly looked at a config like yours and compared it to a cPanel config (yes we have one lying around for testing). 41 vs. 86 processes. The extra 45. . . unnecessary bloat and things that would keep me up at night from a hacker perspective.

  2. Interesting article. I agree with most of it, especially the parts about server bloat, separating email to another service provider like Google, and the risk of not keeping cpanel up-to-date.

    I haven’t gotten to the point yet where I’m comfortable managing DNS records or email forwarding outside of WHM/cpanel yet. Something to strive towards though…

    BTW, TextWrangler is free (no need to invest)…and I wouldn’t use GoDaddy for anything if you paid me.


  3. Jeff,

    Great feedback. Yes, DNS is a little intimidating but the modern services do make it easier to edit, update, etc. Amazon’s user interface leaves a little to be desired but then again. . .most of their UI’s do. I hear you on GoDaddy. They do shoot themselves in the foot on multiple fronts. Still, domains and DNS they do very well. The key here is that you get performance gains by getting this out of your local server and you also don’t have all your eggs in one basket.

    Also, thanks for the note on TextWrangler. There is some great free software for the Mac.

  4. Never thought about the bloat of cPanel before reading your post, but this makes a lot of sense. Great read, I learned a lot, and since I use WP on dozens of sites, it’s some long overdue knowledge.

  5. I like your outlook on these things. However, I feel like our industries reliance on FTP access to sites is, in itself, a pitfall. We should be looking forward and using version control systems to make our changes to applications like wordpress. It’s much easier to roll back a revision, than manually be keeping duplicates of changed files, or digging out a tar’d up backup file that you accidentily typo’d. I work for a hosting/development company and we’ve moved everything into git, with scripts that run through and autocommit things added from the wordpress dashboard, so all your plugins and themes are easily accessible. It has really saved some of our clients that are prone to meddling in things that might be better left to the professionals. And we’ve also noticed a change in the speed we can react when someone takes their site offline, whether that site be WordPress or OpenCart. Our clients on FTP who break things always take twice as long at least as those using git, who’s checkin logs we can just glance through to find the file which contains the issue.
    As far as text editors, I use VIM on everything – Windows, *nix and *bsd, and macs. Gvim is relatively easy to use if you don’t feel like learning keyboard shortcuts. It’s readily available in the macports tree also.

    • Jerod Morris :

      Dustin, thanks for the insight. This does sound like a much better way to do things.

      • Dustin,

        This is great insight and spot on. I think the challenge is moving site owners to such a model as git, svn, etc. These still require some knowledge to use and many just aren’t there. It is something that both we at Synthesis and the industry should strive to bring to market in an intuitive format. We’ll definitely add this to our product road map list as people are asking for it.

        Your other comment, VIM, makes me smile. I too use VIM for everything (used to use VI in Unix world). It is the most accurate, fastest editor there is. I’ve never encouraged people to use it due to it’s cryptic nature, however. I’ll have to check out gvim as I have not used that.

        Again, great insight. Thanks for taking the time.

  6. Jerod,

    I’m truly torn on my reply here. You’re correct that a WordPress administrator doesn’t need cPanel access, and a boutique host could also do without cPanel.

    However, nothing stops a hosting company from optimizing and securing a cPanel server to the point where it’s equally as efficient as any other, and more automated. cPanel is about web hosting automation – which is required when you are anything more than a boutique hosting provider. Not to suggest there’s not a definite place for boutique in hosting, as there is…100%.

    At minimal you should be offering your clients SFTP access. FTP is simply not secure and is ironically more outdated than you could ever argue a control panel being. But who keeps MySQL updated, SSH updated? Surely you can’t trust the average joe with a VPS running wordpress to follow all the updates they need to be following on a daily basis.

    There’s a place for the cPanel product in the world. Thank god that cPanel product has a full API that allows the hosting provider to decide what sort of portal they offer their client. The right person could come along and automate that to a level which competes with your boutique offering.

    WIth all that said, I’m also developing a product that I feel pushes on the control panel market a bit in saying – “hey, don’t trust your control panel or host to do your backups. Offload it.”

    Interesting post – but I think you should clarify the difference of a wordpress admin needing cPanel access (ie: you vs. bluehost) and a server admin needing cPanel (using cpanel vs self-configuring everything)

  7. I wholeheartedly agree with the premise of your article. I haven’t seen a cPanel for a couple of years except in the rare instances my clients insist on hosting their website on BlueHost for example. Those sites which I maintain on my own servers are versioned controlled with git and a combination of phpmyadmin.

    One of the things no one has mentioned is the use of CloudFlare as both a powerful DNS manager and a CDN. It can be setup for free and provides a layer on top of your webserver with the NGINX reverse ip which prevents DOS (Denial of Service) attacks, malicious bots and sql injection attacks.

    I’m a firm believer in CloudFlare and wouldn’t run a site without it.

    Thanks again for the very informative article.

  8. David, great input. We have actually been in deep testing with CloudFlare on a couple of high traffic production sites and are working with their engineering. I do concur that their technology is noteworthy and we will be covering that in more depth. We do like to cover such technologies with prescriptive guidance vs. what I call “fairy dust advice”. Meaning, we believe in helping site owners understand the problems they are solving for and the exact technologies and offerings that will solve these problems vs. just sign up.

    Again, good input and thanks for bringing this up as we are anxious to talk more about the topic as well.

Leave a Reply