Cloudways Review (2023): Managed Vultr HF + Cloudflare Enterprise = 2x Faster WordPress Page Load Times + 2x Firewalls

1. No More Managed Vultr?

As of May 2023, Cloudways only offers AWS, Google Cloud, and DigitalOcean, dropping their Linode and Vultr services.

A shame because I found Vultr to be the best provider.

First, the Google Cloud and AWS plans are crazy expensive: at least 2x more with fewer features than my self hosting.

Second, DigitalOcean only has 9 data centers across the world (2 in the US and 3 in Europe) while Vultr has 32 (10 in the US and 8 in Europe).

Source: Vultr

The more locations your provider has, the more places to host your website closer to your customers and the faster it loads.

Vultr > other providers ✌️.

You can get servers directly from Vultr, but they aren’t managed for you (eg. updating, troubleshooting) like in Cloudways.

This means managed Vultr servers are a steal because you get incredible performance (with the High Frequency series) while Cloudways handles the technical chores for you.

So, it’s a pity new users can’t get the best on Cloudways anymore…

Or can you 🤔?

Users who joined Cloudways before May 2023 (me) still have access to managed Vultr servers and we can share affiliate links that allow new customers to use them.

Get managed Vultr in Cloudways from me here.

2. Vultr HF (Faster than AWS)

Base Speed Test

Vultr High Frequency (HF) servers, like I said, give your website incredible performance.

These servers are ahead of the competition like AWS ones.

First, their CPUs clock 3.8 GHz speeds (Higher is faster) while my AWS server only clocks up to 3.1 GHz. 

Second, they use NVMe SSD storage, which is 10x faster than the traditional SATA SSD used by my server.

Source: CGDirector

To see if these specs hold up, I compared the speeds of the default WordPress website on Vultr HF vs my AWS server.

GTMetrix showed the page loading speed (Fully Loaded Time) is 30% faster on Vultr HF.

3.  Free Object Cache Pro (Worth $95/Mo)

Enhanced Speed Test

Object Cache Pro claims to be the most advanced caching plugin in the market.

To confirm this, I compared:

1. A test website with Object Cache Pro in Cloudways.
2. A clone with Redis in AWS.

According to GTMetrix, the page loading speed of my test website is almost 2x faster than its clone’s.

Heck, it’s only 46ms slower than the default WordPress website even with more plugins, 2,500 words, 20+ unoptimized images, and 1 YouTube video.

The Object Cache Pro has done a good job 👍.

At least for locations close to my servers.

Without a CDN, my page loading speeds were terrible in many parts of the world.

KeyCDN showed my website is too slow in regions far from North America, especially Asia and Australia. Even my speed in places closer to America weren’t the best.

SpeedVitals backed KeyCDN up: My test website is too slow for my readers in Europe. Together, my speed in America and Europe got only a C grade.

Adding in my speeds in Asia and Australia will make it even worse.

The conclusion is clear: Object Cache Pro is good for readers close to your server but far from enough for those in other parts of the world.

You need a CDN like Cloudflare Enterprise.

4. Cloudflare Enterprise ($4.99/Mo)

Here’s its main features:

1. CDN + Argo – Optimized + smart routing for your web traffic to 285 cities.
2. Brotli – The successor to gzip that compresses your web content better.
3. Polish + Mirage – Load images faster.
4. WAF – Protects your WordPress site at the edge in front of your server.
5. DDOS Protection (Layers 3, 4, 7) with global rate limiting.
6. Project Honey Pot – Stops traffic from suspicious IP addresses with Turnstile.
7. Bot mitigation
8. PCI compliance – Secure credit card transactions on WooCommerce websites.

5. Full Speed Test

After adding Cloudflare Enterprise to my test website: 

According to GTMetrix, my Fully Loaded Time in places closer to my server got a bit better.

But the real improvements were seen in places far away.

KeyCDN showed that my speed improved a lot across all regions, in both local and distant places like Asia and Australia.

SpeedVitals gave the same results: My speed got better in America and even more so in Europe. My grade is now a B.

And this speed should be even better now ever since Cloudflare Enterprise got Full Page Caching (WordPress only) in July.

So speed up your website with Cloudflare Enterprise now.

6. Security Test (Firewall War)

If faster website speeds can’t convince you to get Cloudflare Enterprise, security concerns will.

Adding Cloudflare Enterprise gives you double firewall protection with 1) its Web Application Firewall (WAF) and 2) Cloudways’ dedicated firewalls.

Source: Cloudways

Cloudflare Enterprise serves as the front door for your website traffic at the edge. Its WAF scans for malicious traffic and only allows legit requests to reach your server.

The dedicated firewalls on your server then deal with any threat that got past Cloudflare.

Cloudways manages these two firewalls, saving you time (time is arguably money) and effort.

In fact, Cloudways promises their website security is unmatched, but let’s not take them at their word.

Let’s see how their double firewall protection fares against my cyberattacks.

Round 1 – W/O Cloudflare

Starting with Cloudways’ dedicated firewalls, I launched 18,614 attacks and here’s the results:

• 4,537 seem to be blocked by Cloudways’ rate limiting rules (24% of my attacks).
• 13,176 attacks blocked by the dedicated firewalls.
• 1 out of 30 high risk vulnerabilities detected:
  • Path Traversal – 1 out of 886 attacks successful.
• 0 out of 12 medium risk vulnerabilities.
• 1 out of 2 informational alerts. These aren’t vulnerabilities.

Round 2 – W/ Cloudflare

Cloudflare says their WAF ‘analyzes millions of sites and 32 million requests per second to intelligently identify & block attackers and emerging threats at the edge’ with ‘rule sets tailored to protect WordPress and Magento websites’.

Sounds way beyond a simple firewall. 

Let’s see if I can break it.

I launched 21,986 attacks on my test website with Cloudflare Enterprise + Cloudways’ dedicated firewalls:

• 16,427 blocked by Cloudflare (75% of my attacks).
• 3,354 blocked by the dedicated firewalls (60% of the remaining attacks).
• 4 out of 30 high risk vulnerabilities detected:
  • SQL Injection – MySQL – 2 out of 203 attacks successful. Worrying as WordPress uses MySQL or MariaDB.
  • SQL Injection – PostgreSQL – 2 out of 174 attacks successful. Okay as Cloudways doesn’t use PostgreSQL.
  • SQL Injection – SQLite – 1 out of 289 attacks successful. Okay as Cloudways doesn’t use SQLite.
  • Remote OS Command Injection – 1 out of 1,041 attacks successful.
• 0 out of 12 medium risk vulnerabilities.
• 1 out of 2 informational alerts. These aren’t vulnerabilities.

If you think an extra firewall isn’t worth $5/mo, remember without Cloudflare Enterprise, all cyberattacks go directly to your server.

You can see this in Round 1 where the dedicated firewalls handled 4x more attacks. This puts a lot more strain on my server and slows my website.

The dedicated firewalls also seem to rate limit attacks worse than my WAF, which blocked me within the first minute of attack.

If I dial the attacks up to 11, your server will crash.

Like in a DDOS attack.

Which Cloudflare Enterprise protects all layers (3, 4 & 7) of your network against using its global rate limiting feature.

Taking this up a notch, Cloudflare Enterprise is now integrated with Project Honey Pot to stop traffic from suspicious IP addresses before they reach your server using Turnstile (Eric has an excellent video on how Turnstile works).

7. Outages (2023)

Cloudways’ incident history recorded 10 outages (partial or full in any location), totalling 232 hours in 2023.

Note that:

1. Outage duration was taken as the time difference between the first report and the final resolution.
2. Other issues like slower services were not factored in.

You can subscribe to get their latest system status.

8. Support 24/7/365

Again, back to AWS. Its support plan starts at $29 a month:

That is 4x the amount I pay for hosting! 

No, thank you, I’d rather sort out my mountain of issues myself.

But as a busy cloud hosting user, you will love Cloudways’ 24/7/365 support, which is included in all their plans and not charged separately from hosting like AWS.

I asked for support when I couldn’t add Cloudflare Enterprise and my issue was resolved in < 15 minutes (Shoutout to Maidah). 

Cloudways even offers a free migration if you are coming from other providers (Only the first migration is free. Subsequent ones cost $25 each).

9. Web Developer Tools

Cloudways manages a lot of technical stuff but leaves room if you want to get your hands dirty.

They offer:

• Git Integration – If you store your code in a Git repository.
• Staging environments – For testing new features before making changes to Production. I had to create this myself but it’s free in Cloudways.
• SafeUpdates (new) – If you’re too busy, Cloudways can update your stuff (plugins etc) and test them (regression, end-to-end, performance) for you to make sure everything runs smoothly.

10. Best Setup (45 min) + Tips

Server (30 min)

1. Create your account with my link.
2. Follow the steps in this 5 minute guide.
3. Choose one with at least 2GB to get Object Cache Pro.
4. Pick a server location close to your visitors.
5. Check that you are charged correctly.
6. Wait 10 minutes for it to start and viola! You have your very own server now. 

Here’s 6 tips to get the best out of your server.

1. Monitor your server

No more performance bottlenecks.

Go to Monitoring > Summary. Under Server Health, make sure your RAM and CPU Usage don’t exceed 75% for long periods or it’s a sign you need a more powerful server.

Optional: Cloudways partners with New Relic to help you monitor your website.

I personally find Web Transaction time, Error rate, and Slowest Transaction insightful. Here’s how its dashboard looks like:

2. Check that Control Core Services are running

Go to Manage Service and confirm all status are green (except for New Relic if you don’t need it).

3. Use the best and latest

Go to Settings and Packages > Basic, increase the memory limit to 512MB.

Under Packages, check that Redis (Object Cache Pro) is really installed (Only available for servers > 1GB) and update to the latest PHP (8.2) and MariaDB (10.6). 

(For WordPress users, you can also see Object Cache Pro in your console.)

4. Ensure your server backs up automatically

5. Whitelist your IP address for restricted stuff

Select Block all IP addresses, except those on the Whitelist.

Then, add your IP address (find yours here) to the whitelist and save your changes.

6. Scale if you are always running out of CPU or RAM

Go to Vertical Scaling, select the higher size you need, and click Scale Now.

Otherwise, your website will crash and you will end up like this:

Website (15min)

Here’s another 5 tips for your website.

Switch over to Application.

1. Monitor your website

Go to Monitoring > Analytics. I find these info incredibly useful in improving your website performance:

• Top IP Requests (Under Traffic)
• Top Requesting URLs (Under Traffic)
• Top Requested PHP Pages (Under PHP)
• Slow Pages (Under PHP)
• Slow Queries (Under MySQL)

Get more details about your website traffic under Monitoring > Logs.

2. Make sure Bot Protection is active.

Bots slow your website by using resources that could have been used on legit traffic.

3. Get HTTPS

Go to SSL Certificate and get a certificate to enable HTTPS on your website. 

It’s more secure than HTTP and makes your website more SEO friendly (Google ranks websites with SSL higher). 

Check out this Cloudways tutorial for more details.

4. Enable HSTS.

Complicated but this is another layer of security to make sure browsers can only connect to your website via HTTPS. Optional but recommended.

5. Give your website more memory

Go to Application Settings > PHP FPM Settings.

Change ;php_admin_value[memory_limit] from 32M to 512M:

11. Cons

No auto horizontal scaling – Any website hosted in the cloud (like mine) should have this.

How it works: A ‘copy’ of my website is created automatically in other servers when traffic is high and some visitors will be directed to this ‘copy’. This means my website will always be up and my readers will never see this:

Once traffic goes down, this ‘copy’ is destroyed automatically.

On the other hand, Cloudways uses vertical scaling which means upgrading to a more powerful server to handle more workloads. This is more expensive than horizontal scaling.

Cloudways also doesn’t scale automatically, leaving it to us to decide how much CPU/RAM we need and to scale by ourselves.

Update: A new feature called Cloudways Autoscale (in BETA) promises to fix this.

No free domain names – You can buy one from Namecheap and follow this Cloudways article to link it to your website.

No email hosting – Personally, I don’t see this as a major downside since hosting an email server slows your website. It is better to use an external email service like Gmail in Google Workspace.

Expensive top tier plans (16GB and 32GB) – Most of us don’t need such powerful servers though unless you have a massive website.

Just 4GB or maybe 8GB is more than enough for most websites.

12. Evaluation

Let’s revisit my 3 requirements (on my main page) and see how Cloudways did.

✅ < 2s page load time – With Cloudflare Enterprise and Object Cache Pro, I got page load times averaging 435ms.

❌ Security – Cloudways’ double firewall protection design has 4 high risk vulnerabilities (My WAF has 2). Bit surprising because the Cloudflare Enterprise WAF uses the OWASP Core Rule Set too but it doesn’t match up. Unlike my WAF though, it has bot mitigation and PCI compliance.

✅ > 95% uptime – Currently 97% uptime.

13. Final Thoughts

Cloudways is one of the better managed cloud hosting service providers, especially for WordPress.

Its pricing is quite reasonable considering the competition (eg. SiteGround) charges almost twice for lesser features (No free Object Cache Pro or WAF).

I have mixed feelings about the results though.

While the improvements in page loading speed are cool, I’m a bit iffy about security because my WAF offers better protection than Cloudways’ double firewall design.

Still, a case could be made that your firewalls are managed for you so you don’t have to.

While a lot of other technical stuff are managed for you too, Cloudways leaves space for some hands on. I prefer this because we get to indulge our inner nerd once in a while.

So I think the ideal Cloudways user is a busy engineer. Someone too busy to self host.

Normies who only want to focus on content creation and not worry about technical chores will find Managed WordPress providers like Rocket.net 👇 more suitable for them.