Kinsta WordPress hosting review

Disclaimer: I use affiliate links (who doesn’t), this makes no difference to you, but gives me a small commission if you then decide to make a purchase from that company. Please note I do not ever recommend a product or service just to get clicks. Unlike a large proportion of reviews out there, my reviews are legitimate, honest and based on personal experience of actually using said product/service. If you have a problem with affiliate links, don’t click them, simples.

Last year I received an email from Kinsta asking me if I would do a review of their WordPress hosting, which I agreed to do, so here it is.

I would first like to clarify that despite being asked to write this Kinsta WordPress hosting review, it has not been sponsored, I have not been paid or offered any incentive whatsoever, so, like all my reviews, it is completely unbiased and based on my actual first-hand experience.

For the purposes of this review, I will be using my current host Guru for comparison, so this will also conveniently serve as a Kinsta vs Guru review at the same time. Although it probably isn’t a fair comparison and I am expecting Kinsta to win.

It is also worth mentioning that 6 months have passed since I was originally asked to write this, so they had forgotten about me by the time I wrote this, and I certainly did not appear to be getting any special treatment from their support dept.

Unlike most other people who review and compare WordPress hosts, I do not think that speed and TTFB is the be-all and end-all and the only thing you should care about. Customer service, security, reliability, price and features are also important factors that you need to take into consideration.

There is little point in having a super-fast website if it is not reliable, the host does not care about you or your business (yes Siteground, i’m talking about you), the tech support is incompetent/unhelpful and the servers are insecure or unreliable,

The Migration

I used my own website for the testing since it is running multisite (with 6 sites) and so is the biggest and most complex site that I manage. This does make it more of a PITA to migrate as most backup plugins do not support multisite unless you pay for a pro licence.

I used Migration Guru to migrate my site, as this is the only FREE plugin that does multisite that I am aware of, it is also better than many of the other backup plugins, including the paid plugins. For regular sites I have been using wpvivid, which I discovered a little while ago, which has a very handy auto-migration feature, even in the free version.

I didn’t bother asking Kinsta to migrate my site, as this always takes too long to ask the host to do this in my experience and I didn’t want to sit around waiting for a week, so I just did it myself, ergo I cannot comment on their migration skills.

Performance

performance

According to their website, Kinsta use state-of-the-art technology like Nginx, PHP 7.4, LXD software containers, MariaDB, and compute-optimized VMs to make sure your website loads in the blink of an eye. Featuring complete resource isolation, automatic scalability, and high availability.

Powered by Google Cloud Platform and its 22 global data centers. Everything is interconnected over their premium tier network, designed to minimize distance and hops, resulting in fast and secure transport of your data.

This setup is far superior to your average budget host, who will be running Apache + MySQL in a non-isolated environment, which is slower than NGINX + MariaDB.

Kinsta also supports Cloudflare Railgun, which ensures that the connection between your origin server and the Cloudflare network is as fast as possible.

I am not going to go overboard with the performance testing, since as I mentioned above, this is not the be-all and end-all, but just one of several deciding factors when choosing a host.

According to Kinsta, there is no need to use any caching plugins, since that is all handled automatically on the server. So I will be following this advice and not doing any caching on the site itself.

I am using gtmetrix to run comparison tests with my live site, which is hosted with GURU, You can read my Guru review here.

Note that my live site is using LitespeedCache + Cloudflare

TEST 1

This is with Cloudflare disabled (bypassed) for kinsta, which is not required according to their docs.
CF minification is also disabled for both sites.

I performed the test 10 times and the average loading time was as follows

Kinsta 1.61s
Guru 1.66s

So kinsta is only 0.05s faster, which is literally nothing, so it is a tie.

But bear in mind that Kinsta does not perform any minification on their side, so despite what they say about not needing to use a plugin, you obviously do need a plugin to perform minification or use the Cloudflare minification as below.

TEST 2

This is with Cloudflare enabled on both sites with minification.

Kinsta 1.59s
Guru 1.87s

So on average, Kinsta is only 0.28s faster with modification enabled. This is rather disappointing considering the price difference between Kinsta and GURU.

Load Test 1

The load-test simulates multiple users and simultaneous connections, thus showing how the host can cope under load. I performed the tests using k6.io.

For the first test I used 20 virtual users from a region in the USA.

20 virtual users
Region: Ashburn (US)
Duration: 5 minutes

Active Virtual Users
Response Time
Request Rate

KINSTA

kinsta load test 1
Kinsta Load Test 1

GURU

guru load test 1
Guru Load Test 1

As you can Guru’s average response time was 100 ms faster at 220 ms compared to Kinsta with an average of 319 ms. So not only was Guru faster, but also managed to handle more requests per second.

Load Test 2

In the second test I switched the region to UK, which is where the sites are hosted and upped the virtual users to 50.

50 virtual users
Region: London (UK)
Duration: 5 minutes

Kinsta load test 2
Kinsta Load Test 2
Guru Load Test 2
Guru Load Test 2

This time round Kinsta wins, so has better response times from the UK, but only by 22 ms. Other than that, both hosts handled the load equally.

I must say that I find these results very surprising, especially when you consider that GURU is shared hosting while Kinsta is dedicated WordPress hosting on the Google cloud platform and is 5 x the price for the cheapest plan. I was honestly expecting Kinsta to win this hands down.

In theory, Kinsta should scale better if you have a high traffic site due to the fact it is a dedicated cloud platform, which is presumably the type of client/site that Kinsta is targeted at, rather than the small low-traffic site.

Security

This is the one area that most people do not consider or pay any attention to and which most WordPress reviews also completely ignore.

Kinsta employs active and passive measures to stop attacks and malicious intent in its tracks. Continuous monitoring for uptime, DDoS attack detection, software-based restrictions, SSL support, and hardware firewalls. Bottom line: your site is monitored and secured 24/7.

Kinsta hosting has a number of features that will reduce the chances of you being subject to DDoS attacks.

All of the sites hosted at Kinsta are stored behind the Google Cloud Platform (GCP) Firewall. Each site container (where your WordPress site lives) runs on a virtual machine in one of multiple GCP data centers. This is behind a load balancer, which is then secured behind the GCP firewall.

All of this makes it much harder for a DDoS attack to get through.

Another Kinsta feature which can help protect you once a DDoS attack has begun is GeoIP blocking. Kinsta will detect any DDoS attack and alert you to it. You can then use the Geo IP blocking feature to block the geographical area from which the DDoS attack is coming.

This means you can safely block a geographical region where an attack is coming from and IP addresses from that region will no longer be able to send requests to your site.

FTP

Only SSH and SFTP are allowed. Plain FTP is disabled.
Why is this good? Because Plain FTP is completely insecure as everything is sent in plain text, including your login credentials. 

MYSQL

Remote database access is only allowed via SSH.
Again this is a good thing, as it means the connection and all data is encrypted. 

 

Did you know.
Most of the popular budget hosts still allow the insecure, unencrypted connection protocols and do not have DDOS protection

Features

As is usually the case with specialised WordPress hosts, they also have their own custom control panel which has a limited set of features when compared to the likes of CPANEL, since it is only for WordPress.

User management & audit log

You have the ability to invite additional users to your account and assign them one of three roles: Administrator, Developer or billing. Thus limiting what they can do and access.

You also have a very handy audit log, which shows you all actions performed by each user. Very handy if your site mysteriously breaks and you need to find out why.

Analytics

CDN Usage is Now Available in MyKinsta Analytics

Kinsta has some handy-looking analytics to tell you how your site is performing, response times, Geo & IP, CDN usage and more. All very simple to understand with graphical charts.

Backups

Kinsta do daily backups as standard with the option to create up to 5 manual backups, backup every 6 hours for an additional $50 per site/month or hourly for an additional $100 per site/month.

This once again is rather expensive in comparison to Guru, who perform backups every 4 hours on all standard plans (which start from only £4.99) and hourly on their pro plans (which start from £29.99) at no extra cost.

Although the Kinsta backups seem considerably easier to manage and more user friendly, with the option to restore to staging or live . My Guru backups by comparison are done with R1soft backup via cpanel and are quite cumbersome to deal with and I have on many occasions had to contact Guru support to get them to perform a restore as it wouldn’t work via the control panel.

Tools

They have a few handy tools in the control panel to make life easier without having to resort to plugins.

Search & Replace.
Use this handy tool to replace any value in your database. Very useful when changing domains or migrating a website.

WordPress debugging.
Use this tool to see warnings, errors and notices on your website.

Restart PHP
Restarting your PHP engine may clear out some issues that lead to site speed problems or connectivity troubles.

New Relic monitoring
New Relic is a PHP monitoring tool you can use to get detailed performance statistics on your website. Use with care as it impacts site performance.

Force HTTPS
Redirect all visitors so that they visit your site through HTTPS. This greatly enhances security, and search engines like this too, so it helps your SEO.

Support

This is the one area where most hosts fail dismally. I have signed up with a host and then left within a few days due to the terrible support and customer service.

My interactions with Kinsta support overall were positive. They attempted to give detailed responses to all my questions and didn’t try to pass the buck. They appear to be knowledgeable and capable of giving relevant technical responses.

Obviously, my experience with Kinsta support is limited, for the purposes of this review, and while I have no complaints, I don’t get the feeling that they would go to the same lengths to help as Guru have.

There is no phone support, only live chat or email, which may be annoying for many people. They also use the same live chat that Elegant Themes use. This has driven me up the wall before as it isn’t really a live chat, it is a ticket system in the guise of a live chat, so you could potentially be sitting there for hours waiting for a response.

What is Managed WordPress

The term “Managed WordPress Hosting” is very ambiguous and tends to also be misleading. A lot of customers believe this means that the host is also managing their website, which is not the case. In many cases you are getting nothing extra at all and it is just regular hosting.

I received an automated email from Kinsta about a vulnerability in one of the plugins I use. I then noticed that there is no options on Kinsta to even update WordPress or plugins/themes, which you do get on Guru via Installatron. So I asked Kinsta to clarify what exactly they mean by “managed WordPress”.

Here is the response.

Hi Russ! I just wanted to help clarify the security features we use here to help harden the server – please note that we do not automatically update plugins though.  There are three main pieces when it comes to security:

  1. Securing the environment itself.
  2. Securing WordPress.
  3. Monitoring the traffic that and activity that reaches the site.

We handle item 1 completely. Our environment is secure. To date, we’ve never had a site compromised due to a weakness on our platform, nor have we ever had any sort of data breach. We feel strongly enough about how we’re holding up our end of the bargain to offer a security guarantee: https://kinsta.com/knowledgebase/security-guarantee/.

We help with item number 2 by having a variety of WordPress-specific security features such as monitoring and banning IPs with multiple failed login attempts, blocking access to xmlrpc (except for known services), and disabling the execution of code in wp-uploads. Having said that, we don’t police user activity or force updates. So it is possible, for example, for a plugin vulnerability to be exploited if a user fails to keep plugins updated (or if the exploit is used before an update is available). It is also possible for users to create really weak credentials and have a site compromised that way. You can further strengthen this piece by ensuring you always keep all themes, plugins, and the WP core up to date and using a good security plugin to force users to use strong passwords.

What we don’t do is very much in the way of item number 3 and that’s where a good WAF like Sucuri can come in useful. Our Sysadmin team does run a firewall on our platform and do a lot of manual banning of IPs based on certain activity profiles as well as automated banning of obviously malicious activity (like repeated failed SSH login attempts), but you aren’t going to get the same level of WAF protection as what you’d get with someone like Sucuri. Having said that, the vast majority of our customers do not use a third-party WAF and do not experience any issues as a result of that. 

I hope that helps clarify further, please let us know if you have any additional questions!

1
0
Would love your thoughts, please comment.x
()
x
Share This