Features

Everything in the box.

Not a tour of architecture. A list of what changes for you and your customers, day to day.

For you, the operator

One predictable bill, forever.

Three tiers per server: $1.50, $7.50, $19. After 25 customers on a server, the bill stops growing. Add more servers, the math is just multiplication. No renewal hikes.

You can see who did what.

Every privileged action is logged: who suspended a customer, who changed a plan, who stepped into someone's account. When something goes wrong — and at some point it will — you have a paper trail.

Step into a customer's account to debug.

Click "Impersonate". You see exactly what they see. Help them without asking for their password. Everything you do in their session is logged for them and you.

Resellers that can't get out of hand.

Run a reseller program? Each one gets a fixed slice of your server — disk, memory, CPU, account count. They can carve it up however they want for their own customers. They can't take more than you gave them.

Migrations that don't eat your day.

Move a customer to another server: click export, click import on the new side. Their files, databases, mailboxes, DNS — all of it lands. Migrate ten customers before lunch.

Set up a new server in five minutes.

Get a fresh Ubuntu VPS. Run one install command. Enter your license. The panel is up and ready. No agent download, no Docker compose, no Kubernetes yaml.

For your customers

A panel that looks like 2026, not 2003.

Customers log in to something clean and friendly. The "I'm confused, please help" tickets drop because the interface actually makes sense.

Edit files without SSH.

Drag-drop upload. Click a file to edit it. Right-click for permissions. Fix a typo without spinning up a terminal.

A terminal in the browser, for the customers who want one.

Real terminal, jailed to their account, works on a tablet. Power users get what they want. Regular users never need to see it. SSH the regular way still works.

WordPress in one click. Staging in one more.

Install WordPress. Spin up a staging copy to test changes. Promote when it works. Roll back if it doesn't. The whole cycle without leaving the panel.

Multiple PHP versions, set per domain.

Customer's old WordPress needs PHP 8.1. Their new Laravel app wants 8.4. Both work, both their problem to choose. Yours not to babysit.

SSH keys without editing files by hand.

Customer pastes their public key in the panel. It lands in the right place. They never touch ~/.ssh/. Add a key, revoke a key, see who has access — all in the UI.

For both of you

Sites that don't slow down because of someone else.

Each customer is sandboxed with hard limits on memory, CPU, and disk. One customer's traffic spike is their problem, not the whole server's. The "why is my site slow" tickets stop being a coin flip.

Backups that actually restore.

Schedule nightly to S3, your own storage, or local. When something gets deleted, restore the one file — or the one mailbox, or the one database table. Not the whole site.

Move servers without losing a day.

Customer needs to move to a different server? Export, import, done. Their site, mail, databases, DNS records — all there. No 4 AM ticket marathon.

Email set up correctly, by default.

Add a mail domain, the right records publish themselves. No DNS lessons for customers. (Whether mail actually lands in inboxes still depends on your IP's reputation, which we don't pretend to fix for you.)

One-click webmail.

Customer opens their mailbox in a browser, no second password. Looks decent. Works on phones.

Mail that scales to its own server when you're ready.

Outgrew a single box? Install MaxPanel on a second VPS, pair the two with a 6-digit PIN. Mail moves over. Websites stay on the original. No customer-facing change.

Databases without ceremony.

Customer creates a database, gets connection details on screen, pastes them into their app. If their app starts a runaway query that drags the server, the panel kills it automatically. You don't have to be on call.

Speed — without the LiteSpeed license

The reasons people pay for LiteSpeed and LSCache. Built on the stock nginx + Apache + PHP-FPM stack you already trust.

Repeat visits skip PHP entirely.

Flip on the edge page cache per domain and a cached page is served straight from the front of the stack — no PHP, no database round-trip. Logged-in users and carts are left uncached automatically, so you don't serve someone else's session by mistake. A TTL you control, or honor the site's own cache headers.

No cold-start lag on the first hit.

Higher-tier plans keep a pool of PHP workers warm instead of spawning them on demand. The first request after an idle spell doesn't pay the start-up tax. Memory stays bounded by the same per-account cap as everything else, so warm workers can't run away with the box.

A private object cache per account.

Give an account its own object cache on a private socket only it can reach — point WordPress or Laravel at it and database load drops. One toggle. No shared instance for tenants to step on each other in.

WordPress cache that clears itself.

Install the one-click helper and the page cache purges the moment a post, comment, theme, or plugin changes. Customers don't see stale pages, and you don't field the "I updated it but it's not showing" ticket. Brotli compression and HTTP/2 are on by default for everyone.

Security — the job you'd buy Imunify360 for

Block attacks, score bad IPs, catch malware. Open tools doing the work, in the box, with nothing extra to license.

A firewall that reads the request, not just the port.

A web application firewall with an industry-standard rule set inspects every request before it reaches a customer's PHP — SQL injection, cross-site scripting, the usual probes — and blocks it at the edge. You can switch it to detection-only or off per account when an app needs room.

Known attackers never get to knock.

An IP-reputation firewall drops connections from addresses already flagged for hammering other servers, so the brute-force and scanner traffic is gone before it costs you a PHP worker.

Malware caught and quarantined, not left sitting.

Files are scanned on a schedule and as they're written. When something matches, it's quarantined out of the document root automatically — the live site stops serving it — and you get the finding to review, restore, or delete. Per-account, so one infected site is one account's problem.

It cleans the site, not just flags it. early access

Automatic malware removal. It strips malicious code from infected files, restores clean copies from your backups, and re-verifies WordPress core and plugins against official checksums to put the original files back in place. Every action is logged. It's the cleanup step you'd otherwise pay Imunify360 for — included.

What we don't do

So you can decide before you sign up.

Try it for 15 days.

Cancel before day 15 and there's no charge.