Web Dev

So long BlueHost, thanks for all the s**t

Print Friendly, PDF & Email

In 2017 I migrated 16 domains to WordPress. PHP runs well on Linux, but not so well no Windows in server production. This is not a fault of Windows, but one of PHP not being ported “to fit” properly on  Windows and more of a “make it run”. Because of this I looked for a managed shared host and ended up at BlueHost. And from there the disaster began.

For the first few months aside from it being slower than it should things worked acceptably. But the slowness became a real issue so I upgraded from a shared plan to a more powerful VPS with dedicated minimum resources.

The Upgrade

BlueHost informed me that the migration would start within 24-48 hours and we should avoid making any updates until the sites had been migrated. Approximately 2 weeks later and numerous contacts to BlueHost, the migration started. Then for approximately a week, most of our domains were completely offline.

Finally after fixing this, there were still problems but at least the most important domains were up.

The Aftermath

The following 3 months things would randomly break without any changes from us. SSL certificates would disppear, or worse yet sites would randomly get bound to the wrong SSL certificate. Sometimes the SSL certificate that the site would attempt to use was another of our domains, or in one case a domain of someone else.

I was in nearly daily contact with BlueHost and with one issue that they “fixed” repeatedly but each time simply broke it differently, I had ready to go text that I simply pasted into the chat every day. Talking to BlueHost became a part time job. Several times I called instead of using live chat and got better results, but still nothing ever got fixed properly.

Why did I stay? Migrating takes a lot of time, and the auto migrations never get all of ours stuff. And the remaining problems were on a domain that was not currently in use, but would be going live in 2018. Finally on the last day of Dec 2017, I started migrations as I could no longer afford the time lost. It took nearly four full work days of my time, but all sites were finally migrated.

BlueHost is a Stalker

So I began the migration. I transferred all 16 sites. And then near the end of fine tuning, the sites one by one started to go offline. Not just the admin section, but the entire site with:

403 Permission Denied

Nothing I did could resurrect the sites. Something corrupted some global resource in each site and I was never able to determine what had changed.

So I deleted all the sites, and started again. At first I thought it was a new WordPress plugin I had installed as it happened about the same time I installed it to each domain. This time I migrated the sites and avoided that plugin. And then it started appearing again:

After several hours, many retries on importing the sites and then testing step by step, I finally found the problem. It was very problematic to find as it did not occur in direct response to any step that I could determine that I was doing. It happened randomly, but once it happened the entire site was dead.

It turns out that it was as plugin that was borking the sites. And it was happening on a delay, so I had trouble determining what it was. Worse yet, the plugin to blame was not listed in the installed plugins, and it was a plugin that I never installed.

BlueHost installs hidden WordPress plugins. And when they exist on a host other than BlueHost, they kill the entire site. Most likely simply because they hired the cheapest PHP developer they could find, but still the end result is the same.

To migrate off of BlueHost you need to manually remove the plugins and export the site before BlueHost readds them, or import to the new host and then remove them very quickly before something triggers them. Saving, or sometimes just opening the WordPress settings page will trigger the death, but so will accessing the site for a page that gets cached. So you need to be fast, or do it with the site offline to prevent users from causing it to take down the site.

One of the plugins sometimes shows up on the WordPress settings page, but not always and the plugins killed many of my sites even though it did not appear on the settings pages of all sites.

The Endurance Cache is not part of WordPress and is a proprietary BlueHost plugin. One would expect information to exist on this page clearly identifying this fact, but its already been established what poor development practices BlueHost allows.

How to Remove?

As stated prior they need to be removed as soon as possible after importing a WordPress site, or immediately before exporting. The plugins do not usually appear in installed plugins and even when a “BlueHost” plugin is visible there, it does not allow removal from the interface.

The plugins exist in wp-content/mu-plugins (mu is must use). In addition to the endurance cache, there is also an SSO plugin (Single sign on) that also interferes with logins when the site does not exist on BlueHost and results in missing cookie errors, or “password field is blank” even when its not. Fortunately if you just keep reloading the page a few times and retrying, it will eventually let you in.

Some of my sites had all four of these BlueHost plugins, others only had two or three. If you have any of these, remove them all.

SSL Hell

SSL is a necessity of any serious website today, even if only for Google rankings. With BlueHost their free SSL is hell. For each domain the user has to manually request a SSL certificate. This process when it goes well (which it rarely did for me) takes about 1-2 days. Otherwise it took days, weeks, or in one case 3 months and after dozens of contacts it was never issued.

BlueHost also does not support free SSL on subdomains, and their charge for a premium SSL certificate is outrageously marked up at about $12 per month per domain. Using this, the hosting charges will be the least of your worries.

The SSL certificates have an option to auto renew, but of course that does not always work well either and then it just leads back to daily contact and weeks of waiting, all the while your site shows end users security warnings as Chrome and others now prefer SSL.

It all seems like a purposeful plot to try to up sell their overpriced SSL premium certificates.

BlueHost Support

BlueHost support tries to help and wait times are not long. But their live chat system is horrible. Quite often it disconnects and there is no notification whatsoever and it lets you send messages into the void. You never know if the support staff is still with you, or if you are talking into the ether.

A2 Web Hosting

Several weeks prior I had done research to find a new WordPress hosting service. We looked at many, but A2 Web Hosting kept coming up with good reviews. People were calling it, “a hidden little gem” and so far I have to agree. If you decide to use A2, please use my referral link although my recommendation has nothing to do with the referral.

I have only been with A2 for a few days now, but within the first few hours I could already see huge differences.

SSL certificates are automatically requested and installed. And they do it for subdomains as well. At first their system will install a temp self signed certificate. But within hours they will install a full proper CA based certificate.

The control panel at BlueHost was ok, but A2’s is better. Support at A2 is faster, doesnt disconnect, and the support staff while still obviously offshore but it better than at BlueHost.

Pricing is good to. At A2 I am paying about the same, but getting more CPU cores and more RAM. And the server overall is noticeably a lot faster. This is important with WordPress. WordPress overall is pretty nice, but its fairly CPU intensive when pages are being served or the admin panel is being used.