Resources › Guides › Magento hosting

The ultimate guide to
Magento hosting

A definitive playbook for building and securing Magento Open Source in the cloud.

Magento hosting is managed cloud infrastructure built for Magento Open Source and Adobe Commerce storefronts.

The right hosting absorbs peak traffic without manual intervention, keeps the storefront under Core Web Vitals thresholds, holds PCI DSS and SOC 2 compliance and frees engineering teams from operating the stack by hand. This guide walks through what Magento hosting has to do, the hosting categories merchants choose between, how to evaluate a provider, how scaling works, how to optimize for performance and how to secure a Magento store.

01 · What hosting has to do

What Magento hosting has to handle.

Magento powers complex storefronts. Catalogs of hundreds of thousands of SKUs, custom checkout flows and heavy admin loads from product teams running ERP integrations. A hosting setup built for static sites or low-traffic blogs will collapse under that weight.

Magento hosting at the mid-market and enterprise level has to absorb traffic spikes without manual intervention. The storefront has to stay green on Core Web Vitals, because Google ranks on those scores. Compliance with PCI DSS, SOC 2 and HIPAA holds across every region the merchant operates in. Engineering teams need to be free from cron jobs and Varnish cache state, which is operational tax that adds nothing to the customer experience.

Most hosts cover the basics. A platform built for Magento covers the whole list at once. That's the difference between a hosting provider and a hosting platform.

02 · Technical baseline

The technical baseline.

To run Magento 2.4.8 or newer, the server environment needs PHP 8.3 or 8.4, MariaDB 11.4 or MySQL 8.4 LTS, Nginx 1.x or Apache 2.4, plus Composer 2.x and OpenSearch 2.x. MySQL 8.0 has reached end of support per Oracle's lifecycle policy and is no longer recommended. See Oracle's MySQL support timeline for exact dates. Older Magento versions are on the extended support track. These specs can be met by any hosting category, which is why the next question is which delivery model fits the merchant's profile.

Language
PHP 8.3 / 8.4
Database
MariaDB 11.4 / MySQL 8.4
Web server
Nginx 1.x / Apache 2.4
Build
Composer 2.x
Search
OpenSearch 2.x
Target version
Magento 2.4.8+
03 · Hosting types

Types of Magento hosting.

Magento can run on any of the major hosting delivery models. Each one has a different cost and operational profile.

What is shared hosting for Magento?

Shared hosting puts multiple businesses on a single server. Bandwidth is shared, so the store slows when another site on the box hits demand.

It works for very small Magento stores that can tolerate slowdowns. It rules itself out for anything that depends on consistent uptime or response time.

What is dedicated hosting for Magento?

Dedicated hosting leases an entire server to one merchant. Full control over the stack, full cost on the merchant.

Physical server limits cap scaling during traffic surges. If the server crashes at peak, the store crashes with it.

What is VPS hosting for Magento?

A Virtual Private Server gives the store its own slice of a shared physical server, with allocated CPU and RAM.

More stable than shared, more flexible than dedicated, priced between them. VPS fits growing stores not yet at the scale that needs managed cloud.

What is cloud hosting for Magento?

Cloud hosting distributes the Magento storefront across multiple servers and locations. Unexpected traffic peaks are absorbed without downtime because capacity comes from a distributed pool of resources across multiple servers. The pay-as-you-go model means the merchant only pays for what they use. Managed effectively, cloud hosting is the most cost-efficient option for a serious Magento store. Managed poorly, it produces surprise bills and wasted capacity.

What's the difference between managed and unmanaged Magento hosting?

Managed Magento hosting includes site migration, deployment, ongoing security maintenance, performance optimization and day-to-day operational management. A fully managed provider has Magento expertise on staff and patches vulnerabilities before they hit the merchant. The merchant pays a monthly retainer and stops worrying about infrastructure.

Unmanaged hosting hands the merchant root access and the keys to the server. The merchant installs patches and configures the environment themselves. When something breaks, the merchant owns the fix. Unmanaged hosting looks cheaper on paper, but the engineering hours add up fast for stores at scale. For any Magento Open Source store doing meaningful volume, managed hosting is the sensible answer.

04 · Choosing a provider

How to choose a Magento hosting provider.

Choosing a hosting provider is the most consequential infrastructure decision a Magento merchant makes. The provider determines uptime, page speed, security posture and the operational tax engineering carries every day.

How big is the store?

Store size sets the floor for hosting resources. A store with 5,000 SKUs and steady traffic has different needs than one with 685,000 SKUs and seasonal spikes. The larger the store, the less viable shared and basic VPS hosting become. For mid-market and enterprise stores, managed cloud is the option that scales with the business.

How does Magento scalability work?

When traffic surges to 10x or 100x normal levels, the storefront capacity needs to match it. A setup that scales automatically and predictively (based on traffic patterns and machine learning) keeps the store right-sized at every point in time. Predictive auto-scaling prevents over-provisioning (paying for capacity that isn't used) and under-provisioning (downtime when demand spikes). Manual scaling can't keep up with ecommerce traffic, which fluctuates by the minute.

What about page performance and Core Web Vitals?

Site speed is the second most consequential feature of the store, after security. Magento sites tend to run slow when they aren't optimized. Caching strategy and CDN selection matter more than hardware specs alone. Core Web Vitals (LCP, FID, CLS) directly influence Google rank, which means slow Magento pages cost both conversion and traffic.

Real User Monitoring data is the input that lets the hosting platform tune performance against live user behavior in production.

What about security?

Security is the single most important consideration for a Magento hosting plan. Magento's own security features protect the storefront code. The hosting backend needs separate protection. The hosting layer needs a real WAF, bot management, edge security and an active SecOps team monitoring threat feeds. A basic firewall doesn't keep up with the attack surface modern commerce faces.

PCI DSS, SOC 2 Type 2 and HIPAA certifications matter for any merchant handling payment data or operating in regulated industries.

What about deployment flexibility?

Every merchant has a different architecture. The hosting provider should support whichever model the merchant chooses: monolithic Magento, headless with PWA Studio or Hyva, Jamstack frontend, mobile or kiosk experiences. A provider that locks the merchant into one deployment model becomes a constraint as the business evolves.

What about support?

Support is where most hosting providers fall short. When something breaks, the merchant needs someone who knows both Magento and the infrastructure beneath it. Generic Tier 1 support reading from a troubleshooting script wastes the merchant's time. A 24/7 DevSecOps team with Magento and cloud expertise resolves issues in minutes instead of hours. Look at the customer support SLA before signing. The contractual response time is the floor. Anything beyond it is what the provider chooses to deliver.

05 · How categories compare

How Magento hosting categories compare.

Hosting providers fall into categories with different capability profiles. The table below maps each category against the capabilities that matter for a serious Magento store.

Capability Managed hosting Self-hosting cloud CDN DIY cloud Webscale
Magento platform expertiseLimitedLimited×None
Application proximity (origin shielding)××
Infinite capacity×××
Predictive auto-scaling×××Limited
Core Web Vitals optimizationLimitedLimitedMaybe
Multi-layer securityLimitedLimitedMaybe×
Multi-cloud disaster recovery×××Manual
Headless and PWA deliveryLimited××Maybe
Deep observability××××
24/7 proactive support with SLAs×
Fully integrated platform×××
Lower TCO××MaybeMaybe
06 · How scaling works

How scaling works for Magento.

Scalability is the difference between a store that handles Black Friday and one that crashes on it.

What's the difference between vertical and horizontal scaling?

Vertical scaling means adding more processing power, RAM or storage to an existing server. It's usually expensive and requires downtime to upgrade. It doesn't make the system fault tolerant. If the server fails, the site goes down. Vertical scaling is limited by what a single server can physically support.

Horizontal scaling means adding more servers to a cluster and using a load balancer to distribute traffic across them. Horizontal scaling is faster than vertical, requires no restart and can be done with zero downtime. It also adds redundancy, which means failure of one server doesn't take the site down.

What's the difference between manual and automatic scaling?

Manual scaling requires a human to spin servers up or down based on demand. In an ecommerce environment with minute-by-minute traffic fluctuations, manual scaling can't keep up. Human error introduces both cost and downtime risk: forgetting to scale back down wastes money, scaling up too late means lost sales.

Auto-scaling defines trigger points like memory utilization or request rate and reacts automatically. When demand crosses a threshold, capacity is added. When it falls, capacity is released. The store stays right-sized without human intervention.

What is predictive auto-scaling?

Predictive auto-scaling reads current traffic patterns and applies machine learning to anticipate future demand. Instead of reacting after a traffic surge starts, it provisions capacity before the spike hits. The result is a store that's always up and responsive, with capacity matched to actual traffic rather than worst-case projections.

07 · Performance optimization

How to optimize Magento for performance.

Fast page loads on Magento come from caching and CDN strategy working together. Image management feeds both. Hardware specs alone don't deliver Core Web Vitals scores.

How does caching improve Magento performance?

Caching keeps frequently-requested data in memory instead of fetching it from a database on every page load. For Magento, which runs database-heavy queries, caching isn't optional.

Redis is an in-memory key-value store, optimized for Magento 2. Redis caching is faster than most database-backed caching because data lives in RAM and lookup time stays constant. Redis supports the data types Magento uses natively, which makes it the standard application caching layer for production Magento 2.

Varnish is an HTTP reverse proxy that caches whole server responses. When a visitor requests a page, Varnish serves it directly from cache instead of routing the request to Magento. Varnish is powerful but complex. It isn't fully compatible with some third-party Magento extensions and the optimal configuration is hard to get right without expertise.

Does Magento need a CDN?

A CDN caches static page elements (images, CSS, JS) on a global network of edge servers and delivers them from the location closest to the visitor. For Magento stores serving customers across geographic regions, a CDN is essential. It cuts latency for visitors and takes meaningful load off the origin, both of which lift Core Web Vitals scores.

Not all CDNs are equal. A CDN built for ecommerce understands cache patterns specific to commerce. Cart pages can't be cached the same way as product pages. Anonymous sessions can be cached but logged-in sessions can't. Edge CDNs that combine caching with security and dynamic content acceleration are the right choice for serious Magento stores.

What is dynamic site caching?

Most Magento pages are personalized. The shopper sees different content based on location, device, session history and cart state. That makes page-level caching tricky. Dynamic Site Caching solves this by caching anonymous and bot requests at the edge while routing personalized requests through the application origin. The result is fast page loads for first-time visitors and reduced load on the origin server.

How does image management affect Magento performance?

A meaningful share of the weight of a Magento page comes from images, often the largest single contributor to total page weight. Image optimization is one of the biggest performance moves available. The right tool adjusts size and format on the fly based on what the visitor's device needs. The store delivers the right image at the right size every time, without storing dozens of pre-rendered variants on the origin.

08 · Security

How to secure a Magento store.

Magento is a high-value target. Hackers know Magento stores process payment data, and the attack surface is large enough that vulnerabilities appear regularly. A real security posture covers multiple layers.

How do Magento attacks usually happen?

Unpatched vulnerabilities are the most common attack vector. When Magento publishes a security patch, hackers monitor the release and actively scan for stores that haven't applied it yet. Unpatched stores get exploited fast.

Magecart attacks inject malicious JavaScript into the checkout flow and skim payment card data as customers enter it. A single line of malicious code is enough to compromise a checkout.

Supply chain attacks compromise third-party Magento extensions to reach hundreds of stores at once. In 2022 the FishPig extension distribution server was compromised and used to distribute malware to Magento stores running FishPig extensions.

Brute-force attacks try password combinations until something works. Zero-day attacks exploit vulnerabilities that haven't been publicly disclosed yet. Both are constant background pressure on any Magento store.

How do you secure a Magento store against attacks?

Apply security patches the day Magento publishes them. Work with a security partner that can do this on the merchant's behalf if internal teams can't move that fast.

Run a real-time Content Security Policy that identifies and blocks unauthorized script execution at the browser level. CSP catches Magecart and similar injection attacks before they touch payment data.

Enable two-factor authentication on the Magento admin panel. Adobe requires it by default from Magento 2.4.x onward. Allow-list specific admin IPs, audit access regularly, and prevent unauthorized PHP execution at the server level.

Add bot management that distinguishes good bots (Googlebot, GPTBot, ClaudeBot) from malicious ones. Blocking everything blocks customers along with threats.

Maintain PCI DSS, SOC 2 Type 2 and HIPAA compliance through the hosting platform so the merchant's team can focus elsewhere. Certificate renewals should be handled by the platform.

Run a 24/7 SecOps team that watches threat feeds and applies fixes in real time across customer environments. Threats move faster than business hours.

09 · Webscale platform

Magento hosting with Webscale.

Webscale is a managed Magento hosting platform built in layers, with AI orchestration adapting infrastructure behavior in real time.

Sits in front of the storefront and handles CDN, WAF, rate limiting and observability. It captures session and infrastructure signals and adapts under load. The host reacts. The platform anticipates.

Layer 02

Runs on AWS with traffic-aware autoscaling and high availability built into every plan. Engineering teams stop babysitting cloud configurations. Bills track traffic instead of surprising the finance team. The architecture has supported merchants through ten years of Black Fridays.

Layer 03
AI Orchestration

Reads live signals from session and infrastructure data, then adjusts cache policies and autoscaling automatically. Engineering teams stop spending nights tuning Varnish. The infrastructure tunes itself.

Layer 04
Commerce Agents

AI capabilities layer on top of the hosting foundation. Customer Data Platform, AI Segmentation and AI Shopping Assistant all run on the same infrastructure as the storefront, with real-time access to first-party data.

FAQ

Frequently asked questions.

The questions buyers, engineers and agencies bring to Webscale when scoping a Magento move.

What is Magento hosting?

Magento hosting is managed cloud infrastructure built for Magento Open Source and Adobe Commerce storefronts. It handles the database-heavy queries, complex caching patterns and traffic spikes that generic cloud hosting can't, while keeping the store PCI compliant and within Core Web Vitals thresholds.

What is the best hosting for Magento Open Source?

The right hosting for a Magento Open Source store absorbs traffic spikes without manual intervention, stays PCI DSS and SOC 2 compliant and includes 24/7 expert support from engineers who know Magento. Managed cloud hosting on a platform built for Magento is the category that covers every requirement.

What's the difference between Magento and Adobe Commerce hosting?

Adobe Commerce is the paid enterprise edition of Magento. Hosting for both works the same at the infrastructure layer. The difference is in feature support. Adobe Commerce includes B2B modules, advanced merchandising and other enterprise capabilities that Magento Open Source doesn't have.

What's the difference between Magento Open Source hosting and Adobe Commerce Cloud?

Adobe Commerce Cloud is Adobe's hosted environment for Adobe Commerce. It bundles infrastructure with the commerce license at a fixed managed-services tier. Webscale hosts both Adobe Commerce and Magento Open Source on cloud infrastructure built for commerce. Predictive auto-scaling and AI orchestration run on every plan, with Magento-certified support included. The trade-off is bundling versus choice. A managed Magento host lets the merchant pick their infrastructure partner separately from their commerce license.

What are the system requirements for Magento hosting?

Magento 2.4.8 and newer needs PHP 8.3 or 8.4, MariaDB 11.4 or MySQL 8.4 LTS, Nginx 1.x or Apache 2.4, plus Composer 2.x and OpenSearch 2.x. MySQL 8.0 has reached end of support per Oracle's lifecycle policy and is no longer recommended. Older Magento versions are on the extended support track.

What types of Magento hosting are available?

Shared, dedicated, VPS and cloud hosting are the main delivery models available. Each one comes in managed or unmanaged form. For a serious Magento store, managed cloud hosting on a platform built for Magento is the category that scales reliably.

How much does Magento hosting cost?

Magento hosting pricing tracks traffic volume, catalog size, peak season multiples and how much operational work the host absorbs. Webscale's Essentials plan starts at $499 per month for smaller Magento Open Source storefronts. Mid-market and enterprise plans price against throughput and the operational hours the host covers. Engineering hours hidden in unmanaged setups usually erase the line-item savings at scale.

Is managed hosting worth it for Magento?

For any Magento store doing meaningful volume, yes. Managed hosting includes site migration, security patching, performance optimization and operational management by people who know Magento. The monthly retainer is usually less than the engineering hours unmanaged hosting consumes.

What is predictive auto-scaling for Magento?

Predictive auto-scaling reads current traffic patterns and uses machine learning to anticipate future demand. Capacity is provisioned before a spike hits instead of reactively after. The store stays right-sized at every point in time without over-paying for idle capacity.

Does Magento need a CDN?

Yes, if the store serves customers across geographic regions or expects meaningful traffic. A CDN caches static elements at edge locations close to the visitor, which reduces latency, improves Core Web Vitals scores and lowers origin server load.

What's the difference between Redis and Varnish caching for Magento?

Redis is an in-memory key-value store, typically used as Magento 2's standard caching layer for data the application needs repeatedly. Varnish is an HTTP reverse proxy that caches whole server responses and serves them without hitting Magento. Most Magento 2 setups use both, with Redis for application-level cache and Varnish for full-page cache.

How do you secure a Magento store?

Apply security patches the day Magento publishes them, then run a real-time Content Security Policy to catch script-injection attacks at the browser level. Allow-list admin access by IP and add bot management that distinguishes legitimate bots from malicious ones. Maintain PCI DSS, SOC 2 and HIPAA compliance through the hosting platform and run a 24/7 SecOps team watching threat feeds.

What are the most common Magento attacks?

Unpatched vulnerability exploits, Magecart-style payment skimmers injected into checkout, supply chain attacks through compromised third-party extensions, brute-force attacks against admin accounts and zero-day exploits. Magento's payment processing surface makes it a high-value target.

Is Webscale PCI DSS, SOC 2 and HIPAA compliant?

Yes. The Webscale platform holds PCI DSS, SOC 2 Type 2 and HIPAA certifications. Certificate renewals are handled by the platform.

Can Webscale host headless Magento builds?

Yes. Webscale hosts the Magento backend in one cluster and the headless frontend (Hyva, PWA Studio, Next.js storefronts) in another, with routing managed at the proxy layer.

Does Webscale support Hyva?

Yes. Hyva runs as a Magento frontend theme and Webscale hosts the full stack. Many merchants moving to Hyva migrate hosting at the same time to capture the performance gains end to end. Webscale routes Hyva and the Magento backend through the same edge layer, with caching tuned to how Hyva handles personalization.

Does Webscale still support Magento 1?

Yes. Webscale continues to support Magento 1 storefronts with security patches and PCI compliance maintenance. Many merchants stayed on Magento 1 longer than the official EOL because re-platforming costs and the Magento 2 migration scope were heavier than expected. Webscale's coverage has held them through the gap without forcing a rushed move.

How long does Magento hosting migration take?

For a Magento store with a stable codebase, migration typically lands inside a quarter. Stores with custom forks or legacy extensions take longer because the codebase needs review before the move.

Get started

Get started with Magento Open Source hosting.

Bring your store and see what migration would look like for your specific stack.