The Ultimate Guide to Magento Hosting

Magento is undoubtedly one of the most popular enterprise-class ecommerce platforms available in the market. With its comprehensive suite of tools enabling merchants to deliver online storefronts with a customizable and professional look and feel, it empowers over 154,916 online retailers.

One of the best aspects of the Magento platform is its ability to cater to small hobby stores, mid-market, and enterprise-scale customers alike.

Why Merchants Select Magento for Ecommerce

Customizable: Magento has a flexible template architecture, which means that you can customize pretty much everything. With full control over the code, merchants can develop functionality based on their individual needs. The result? Online storefronts that are only limited by your imagination.

Scalable: Magento is a platform that has been built to scale. In other words, whether you’re selling a handful of products, or if your catalog extends to millions of different items, Magento grows with your business.

Feature-rich: Even Magento Open Source, a free edition of the platform, boasts features that are not commonly available in other ecommerce platforms. For instance, it allows you to manage multiple storefronts and locations, accepts global currencies, supports multiple languages, and is mobile and SEO-friendly.

SEO-friendly: Consistently improving SEO is critical to ecommerce success. Magento offers a host of SEO-friendly features, such as search-friendly URLs, sitemaps, meta tags, descriptions, and includes analytics to track visitors. 

Mobile-friendly: It’s a mobile-first world, and sites must be optimized to deliver great user experiences, on any device. Magento allows store owners to develop mobile sites with ease, ensuring seamless shopping environments, and helping to reduce bounce rates and drive sales. 

Massive community: Another benefit of using Magento is access to the resources of its vast community. With 472,875 forum members and 6500 contributors from the user, developer, and designer ecosystems, these resources mean that if you have a problem, chances are you’ll find a solution to it.

Magento Open Source vs Magento Commerce

Magento Open Source: Magento Open Source is an entirely free ecommerce platform that can be used to develop and customize an online store. Given that it requires literally zero initial investment and meets all the requirements of a small store, it works really well for a lot of small and mid-sized business owners. Easy to configure Magento extensions are also available to add more functionality where needed.

Magento Commerce: Magento Commerce is a premium paid edition of Magento, designed for stores that need more advanced functionality and customizations, making it a solution for medium to large-scale business owners. Thisedition comes with features such as return management authorization, advanced segmentation with targeted offerings, call center software integration with assisted shopping, price and promotion permission, enhanced catalog and content management system (CMS), staged merging and rollback of content, sophisticated attribute-based customer segmentation and targeting, and customer behavior-triggered automated email reminders/notifications.

Magento Commerce subscribers benefit from full support via phone and email with installation, configuration, usage, security updates, exclusive product enhancements, and troubleshooting. Magento Commerce, however, can be cost-prohibitive in a lot of cases.

Magento 1 vs Magento 2

Moving from Magento 1 (M1) to Magento 2 (M2) is not a simple upgrade; it’s an entire replatforming exercise. Magento 2 is an entirely new platform with significant framework differences and a very dissimilar hosting backend. An M2 site needs to be built from the ground up, requiring extensive resource and time commitments.

Magento 1 was sunset (end-of-life) in June 2020, after which time merchants with online stores deployed on M1 lost all access to new features, functionality updates, bug fixes, and support from Adobe/Magento. New vulnerabilities are no longer addressed with new security patches from the company.

In 2020 and 2021, Magento Commerce (M2 Enterprise) had a much lower market share than Magento Open Source (M2 Community), and Magento 1 (M1) was still ahead of Magento 2 (M2) in market share. However, as of 2023, M2 is now leading in the Top 100K sites, Top 1M sites and the entire world wide web, M1 continues to lead in the Top 10K.

Magento 2 has better adoption in ecommerce categories like Fashion & Lifestyle, Home & Garden, Computers, Electronics & Technology, and Sports. Magento 1 is leading in Arts & Entertainment, Games, Travel & Tourism, Adult, and News & Media.

Merchants that want to re-platform should take the time they need to plan well and get it done with the right partner. Check out replatforming best practices here. However, if you need more time to plan your next step, here’s some good news: Webscale continues to support thousands of M1 storefronts on any cloud. All our Webscale One CloudOps Plans support M1 storefronts and secure them against exploits. We have released 80+ patches till date to support Magento 1 stores.

Top 6 Considerations

Choosing the right hosting provider is a critical decision for Magento merchants. Your hosting provider will offer the infrastructure and services necessary for your Magento store to be delivered to your customers. If that online shopping experience is anything but fast, secure and seamless, a potentially loyal lifetime customer can move on to your competitors.

Choosing the perfect hosting partner is critical to avoid customer drop-offs and loss of revenue, because how your application code, files, and data are hosted has a major impact on your store’s performance and availability. Important considerations to discuss with your prospective provider include expected store size, current and expected throughput, anticipated growth rate, scalability needs, performance expectations, and security protocols.

Here are our top six areas to focus on:

Ecommerce Store Size: Magento caters to online businesses of all sizes – small, mid-market, and enterprise. The hosting partner you choose will largely be influenced by the size of your business. The larger your Magento store, the more resources you’ll need to manage it. If you attract significant traffic, shared hosting is not recommended as slowdowns will be frequent, and could cost you sales. The speed of a Magento storefront can be a frequent cause for concern if not hosted correctly, particularly when developers are actively making updates to the codebase.

Scalability: When you witness a traffic surge that’s 10X or 100X your usual traffic, your capacity can quickly be exceeded, causing your online store to crash or slow down enough to impact your ability to complete successful checkouts.

Once you’ve analyzed your store size, it’s time to look at how many requests, or how much traffic your hosting infrastructure will have to absorb and process during normal, as well as peak traffic periods. This will give you a good idea of the size and scope of the hosting architecture needed to support your traffic.

The best approach is to opt for a solution that automatically, and predictively, scales out and in depending on traffic volume. When you can predictively scale your infrastructure, you never fall behind demand, and you remain “right-sized” at all times. You also have the potential to save significant costs by avoiding being over-provisioned (with more capacity than you need), or to prevent expensive downtime by being under-provisioned.

Website Performance and Core Web Vitals: Outside of security, speed is the most important feature of an online store’s experience. No one likes or has the patience to stay on a sluggish website. Magento websites specifically tend to run slightly slower, when they aren’t properly optimized.

For consistently fast page load speeds, optimization of page content and intelligent caching are critical. Inefficient caching practices, latency issues, and lack of image and page optimization can hurt site performance. Note that you don’t need a premium content delivery network (CDN) for any of these features. You can get CDN services for anything between $0 and $1,000 a month for delivering a basic website, so do your research and pick the solution that best fits your needs.

Core Web Vitals (CWV) represent a specific aspect of the users’ real-world experience when visiting your site. They include the page loading experience (Largest Contentful Paint or LCP), interactivity (First Input Delay or FID), and visual stability of page content (Cumulative Layout Shift or CLS).

A Core Web Vitals score for your website that falls below 90, on desktop and mobile, can seriously impact your site’s search ranking because Google is now using the site’s user experience, as measured by speed optimization and page performance, to index and rank the website. A faster site delivers a better user experience, and there is a direct correlation between user experience, engagement, average cart size and revenue. If you improve your storefront’s CWV scores, Google Search will rank the site higher. Organic traffic is substantially more for websites with greater visibility on Google SERPs and during the holidays, you don’t want to miss out on those bargain hungry eyes.

RUM (Real User Monitoring) can give you unprecedented observability into your site’s performance and a CDN built for commerce can catapult your search rankings to the top. RUM helps ecommerce merchants and marketplaces get ahead of Core Web Vitals as the RUM tag measures important page load metrics like LCP, FCP, TTFB (Time To First Byte), DOM Interactive, DOM Content Loaded, Page Load Time, and Ready State Interactive. These metrics allow you to track your progress with real-time reports and take timely action to retain your search rankings and organic traffic.

Cybersecurity: This is the most important consideration for anyone looking for a Magento hosting plan. You should opt for a hosting plan with its own security in addition to Magento’s security features. This is largely because Magento’s security will only protect your store, not your hosting backend (environment). If you are relying on a bundled WAF or CDN from your ecommerce platform provider, be wary of grossly inadequate capabilities that can seriously impact the effectiveness of your website’s security, exposing you to significant levels of risk. Secure everything from the origin to the edge – traffic, browsers, and backend – and monitor everything.

The meteoric growth of ecommerce and increasingly omnichannel strategies adopted by merchants have multiplied the attack surface. Comprehensive protection can be ensured by software, automation, and analytics-led security that can proactively identify and protect web applications from a myriad of evolving threats like bad bots, DDoS attacks, Magecart attacks, credit card skimming, and fraud.

Security for modern commerce cannot be reactive or driven purely by “people power.” It has to be proactive to monitor, detect and defend against attacks in real-time, from the frontend through web traffic, malicious code inserted into the backend, bad bots or from browsers executing scripts to steal sensitive information. A knowledgeable 24×7 SecOps team to help with remediation and forensics is absolutely critical.

Flexible deployments: Every merchant and marketplace is unique with different requirements of their ecommerce technology provider. An ideal hosting provider should be ecommerce platform agnostic and accommodate any deployment model the merchant chooses to go with: monolithic, Jamstack, headless, PWA, mobile, kiosk, or desktop.

Support: Support is a big differentiator for hosting providers, potentially the biggest. If you need help, you need to know who to call and you need to be confident they are not only intimate with your infrastructure, and your Magento application, but can quickly determine the root cause of the issue and resolve it as soon as possible.

Magento users typically need hosting assistance more often than the average online store owner, and a 24x7x365 DevSecOps support team with Magento and cloud expertise would be ideal. .

Look for a team that can work with you in real-time to proactively monitor, detect, diagnose, and resolve issues, and prevent them from happening again. Also, make sure you’re looking at customer support SLAs when making a decision.

Comparison of Popular Magento Hosting Options

Scale or Fail

Scalability is critical to consider when selecting an ecommerce hosting platform for your Magento storefront, and there are many types to be aware of:

Vertical Scaling (also referred to as Scale Up): Vertical scaling is when you attempt to increase the capacity/bandwidth of an existing single server that hosts your Magento site. This is done by adding more hardware to your server, in terms of processing power, RAM, storage, or any other resources.

Vertical scaling is usually expensive, and entails some downtime to upgrade your resources and restart. Moreover, it does not make your system fault tolerant. In other words, if you’re running a Magento site on a single server, and that server goes down or needs maintenance, your site goes down too. Finally, vertical scaling is limited in the sense that you can only scale within the confines of your server capacity.

Horizontal Scaling (also known as Scale Out): Horizontal scaling is the process of adding more servers to deal with unpredictable, dynamic peaks in site traffic. This is usually accompanied by adding a load balancer (a reverse proxy) to distribute user requests (load) among the various servers in your new cluster.

The load balancer distributes load automatically by tracking the status of each server (how many requests each server is processing, which servers are idle, and which servers are overloaded with queued requests) and redirecting new requests to the next available server. It also factors in the network overhead before choosing a server.

Horizontal scaling is much faster than vertical scaling, and doesn’t require a restart of your system to take effect. Thus, horizontal scaling can be achieved with no downtime whatsoever, and without affecting the high availability of your Magento site.

Manual Scaling: Manual scaling, as the term implies, requires someone to manage scaling up and out (or down and in) as required. This is both time consuming and reactive, since it’s usually done in response to one or more spikes in demand.

In a physical data center-style setup, this can be very time-consuming. In the cloud, vertical as well as horizontal scaling can be achieved with a few clicks, so it’s a little easier. However, it still requires a physical person to intervene, which means that manual scaling cannot be done in response to minute-by-minute fluctuations in demand, which is how an ecommerce site typically witnesses traffic.

Manual scaling can also be prone to human error. If someone forgets to scale back down in time, it can result in unnecessary costs. In an ecommerce environment, it is nearly impossible to handle demand variations manually – or even in a scheduled manner.

Auto-scaling: Auto-scaling is the process of automatically scaling up or down the number of servers that are allocated to your Magento site, based on its needs at any point of time.

In dedicated hosting, it is extremely challenging to scale a website, let alone automatically scale it, since you are limited by your hardware resources. Once your servers are maxed out, your site will inevitably slow down and possibly even crash (depending on the significance of the traffic spike), causing you to lose precious customers as well as potential revenue.

Auto-scaling in the cloud allows you to configure trigger points (called alerts and alert escalations) that automatically react in pre-defined ways when thresholds are exceeded. For instance, when memory, network utilization, or request processing rates go above or below a predetermined threshold, your setup automatically scales up, down, in, or out.

The best part is that your architecture will automatically scale up and out (or down and in) to meet your demand variations over the lifetime of your business, regardless of how big or small your site becomes (or how fast or slow it grows) over that time.

Predictive Auto-scaling: This is when your hosting infrastructure scales not only automatically, but also predictively in anticipation of future traffic – based on current patterns and machine learning.

Predictive auto-scaling makes it possible to ensure that your Magento site is always up and available, and that it always has just the right resource provisioning to prevent site slowdowns or outages — without overpaying for resources.

Ensuring consistently fast page load speeds depends heavily on your caching and content optimization practices.

Redis Cache

Remote Dictionary Server, or redis, is a popular open-source, caching management system, particularly for Magento 2. Redis caching keeps data in the server memory using a key-value system, so that data retrieval is effortless (since there are no complicated operations that slow down relational databases) and request processing, faster. Redis has been found to be faster than most other cache mechanisms.

The biggest advantage of redis caching is that being written in C, it’s blazing-fast. The cached data is stored and optimized by way of cache tags and inner indexation, further reducing the time taken to find the requested information. And if data has been requested before, redis caching accesses it even faster. Also, redis natively supports most of the data types, including hashes, sorted sets, set, and list.

Varnish Cache

Varnish Cache, on the other hand, is a web application accelerator also known as caching HTTP reverse proxy. It works by caching web server responses – so, when there’s a visitor request, site pages are loaded directly from the Varnish Cache. However, the biggest disadvantage of Varnish is its complexity. Varnish is also not fully compatible with a few third-party Magento extensions, and its optimal configuration is challenging.

Do you need a CDN with Magento Hosting?

A CDN (Content Delivery Network) typically hosts the heaviest elements of a page, reducing the page’s loading time and boosting performance. For ecommerce websites with hundreds of product images, and global customers accessing them using various devices and browsers, a CDN is a critical component to ensure a seamless browsing experience. CDN providers must also bring in-depth security expertise, to proactively monitor and defend against emerging cyberthreats.

However, not all CDNs are created equal, and the demands of modern commerce—from industry-beating Core Web Vitals to the rapid deployment of services around security, headless and PWA environments—are pushing the industry to deliver new edge platforms to enable these varied use cases.

New-age edge CDNs accelerate page load times by selectively caching static assets and utilizing pre-deployed code at edge nodes closest to the requester, for tasks such as image optimization, or security against carding attacks. This reduces latency while offering deep application insight and observability, with real-time logging and flexible security policy controls. New code deployments can be automatically tested and deployed at global edge locations too without any IT or DevOps constraints around the provisioning, scaling, or management of origin servers.

Dynamic Site Caching: Dynamic site content changes based on user-related factors, such as location, device, and time of visit. A dynamic web page is unique to each user, and it can change further as users interact with it. This makes web pages highly personalized and interactive, in turn making for better user engagement.

Most ecommerce pages are dynamic and personalized based on a user’s shopping behavior, so they cannot be cached and re-used for other visitors. Anonymous users however, as well as bots, can receive cached HTML pages. Dynamic Site Cache delivers blazing fast page loads for users when they visit an online store for the first time, by allowing caching of HTML pages and content for anonymous sessions.

Also, with Dynamic Site Cache enabled, the application origin is no longer processing bot traffic, therefore increasing the efficiency of the application infrastructure, improving performance and reducing operating costs.

Image Management: A typical ecommerce site displays hundreds or even thousands of images every day. As 60% of the weight of a typical ecommerce page can be in images, an improvement in the size of images, and the bandwidth they consume, can result in much faster page load times and a more engaging customer experience.

Image Management solutions can automatically resize, reformat, or compress images based on end user latency, device type, screen resolution, and browser type, thus improving page load speeds.

Image Management tools can also manipulate images dynamically and on-demand, so there is no need to store different variants of an image statically on the origin server, thus reducing storage costs. In addition, automating this task reduces the need to hire costly in-house teams.

Site administrators can also use image management solutions to perform customizations on product images, such as zoom-in, logo or text overlays, and color changes on-the-fly, greatly enhancing the shopping experience across platforms and improving engagement.

Furthermore, image management solutions ensure that the best suited image is dynamically delivered to every device, including smartwatches, tablets, and smartphones, every time.

Hackers are becoming increasingly sophisticated and innovative in executing attacks. Every ecommerce platform, including Magento, is vulnerable unless 360-degree security is established to defend against traffic-based attacks at the edge, malware insertions at the backend, bad bots, browsers executing mischievous scripts or third-party software that’s been compromised. With Magento, installing security patches as soon as they are available, and upgrading to the latest version are two best bets to stay ahead of the hacker.

How Magento attacks are executed

Magecart is an association of threat actor groups who target online shopping carts, mostly from within the ecommerce platform Magento. The Magecart name is derived by combining ‘Mage’ (from Magento) with ‘cart’ (shopping cart). This type of attack is especially dangerous as it only takes one line of code to steal payment card data.

In August and September 2022, hundreds of Magento stores were injected with malware via a supply chain attack that targeted the FishPig distribution server, a provider of Magento extensions for optimization and integrations with WordPress. Not surprising since Magento had stopped supporting M1 since June 2020. The FBI had warned in 2020 that hackers had been exploiting a known vulnerability in a Magento plugin to take over online stores and plant a malicious JavaScript code in the payment section that records and steals buyers’ credit card data.

Many Magento merchants are slow to install security patches, and these temporarily exposed vulnerabilities are one of the most common routes taken by cyber-attackers looking to exploit a storefront’s underlying code. Once they find such vulnerabilities, malicious code is uploaded and executed to gain full access to the system, customer data, credit card information and more.

But even a fully patched, up-to-date system can be left vulnerable if it hasn’t been properly configured, or if merchants do not follow the best practices of information security. Then there are also brute-force attacks and those that target zero-day vulnerabilities.

Improving your Magento store’s security

Cybersecurity is an arms race. As attackers get smarter, more sophisticated, and more determined, your best bet is to try and stay at least a couple of steps ahead.

When Magento publishes a vulnerability along with its security patch, run it immediately. Hackers monitor the release of these patches, and actively seek out sites that have yet to install them. Get to your vulnerability before they do, and if you can’t, work with a security partner that can.

Implement an ecommerce security solution that leverages real-time CSP (content security policy) protection to proactively identify script violations and prevent them from impacting the application.

Next, make sure you control admin access. Allow-list all your admin IDs, and restrict access to just those IDs. Make sure you frequently monitor and audit all access to this section. You also need to have mechanisms in place to prevent unauthorized PHP execution.

Bot management is another extremely important part of your cybersecurity strategy. Malicious bots need to be denied access to your site, as they can dramatically skew traffic data, as well as drain your infrastructure and cause it to scale unnecessarily. However, merchants must also ensure they’re not blocking good bots, like those deployed by Google or Bing to make your website easy to find on their search engines, are being restricted access as well.

Work with a cloud hosting provider that is PCI-DSS, SOC2 and HIPAA compliant and can help you with your timely certificate renewals as well.