Not a tour of architecture. A list of what changes for you and your customers, day to day.
Three tiers per server: $1.50, $7.50, $19. After 25 customers on a server, the bill stops growing. Add more servers, the math is just multiplication. No renewal hikes.
Every privileged action is logged: who suspended a customer, who changed a plan, who stepped into someone's account. When something goes wrong — and at some point it will — you have a paper trail.
Click "Impersonate". You see exactly what they see. Help them without asking for their password. Everything you do in their session is logged for them and you.
Run a reseller program? Each one gets a fixed slice of your server — disk, memory, CPU, account count. They can carve it up however they want for their own customers. They can't take more than you gave them.
Move a customer to another server: click export, click import on the new side. Their files, databases, mailboxes, DNS — all of it lands. Migrate ten customers before lunch.
Get a fresh Ubuntu VPS. Run one install command. Enter your license. The panel is up and ready. No agent download, no Docker compose, no Kubernetes yaml.
Customers log in to something clean and friendly. The "I'm confused, please help" tickets drop because the interface actually makes sense.
Drag-drop upload. Click a file to edit it. Right-click for permissions. Fix a typo without spinning up a terminal.
Real terminal, jailed to their account, works on a tablet. Power users get what they want. Regular users never need to see it. SSH the regular way still works.
Install WordPress. Spin up a staging copy to test changes. Promote when it works. Roll back if it doesn't. The whole cycle without leaving the panel.
Customer's old WordPress needs PHP 8.1. Their new Laravel app wants 8.4. Both work, both their problem to choose. Yours not to babysit.
Customer pastes their public key in the panel. It lands in
the right place. They never touch ~/.ssh/. Add
a key, revoke a key, see who has access — all in the UI.
Each customer is sandboxed with hard limits on memory, CPU, and disk. One customer's traffic spike is their problem, not the whole server's. The "why is my site slow" tickets stop being a coin flip.
Schedule nightly to S3, your own storage, or local. When something gets deleted, restore the one file — or the one mailbox, or the one database table. Not the whole site.
Customer needs to move to a different server? Export, import, done. Their site, mail, databases, DNS records — all there. No 4 AM ticket marathon.
Add a mail domain, the right records publish themselves. No DNS lessons for customers. (Whether mail actually lands in inboxes still depends on your IP's reputation, which we don't pretend to fix for you.)
Customer opens their mailbox in a browser, no second password. Looks decent. Works on phones.
Outgrew a single box? Install MaxPanel on a second VPS, pair the two with a 6-digit PIN. Mail moves over. Websites stay on the original. No customer-facing change.
Customer creates a database, gets connection details on screen, pastes them into their app. If their app starts a runaway query that drags the server, the panel kills it automatically. You don't have to be on call.
The reasons people pay for LiteSpeed and LSCache. Built on the stock nginx + Apache + PHP-FPM stack you already trust.
Flip on the edge page cache per domain and a cached page is served straight from the front of the stack — no PHP, no database round-trip. Logged-in users and carts are left uncached automatically, so you don't serve someone else's session by mistake. A TTL you control, or honor the site's own cache headers.
Higher-tier plans keep a pool of PHP workers warm instead of spawning them on demand. The first request after an idle spell doesn't pay the start-up tax. Memory stays bounded by the same per-account cap as everything else, so warm workers can't run away with the box.
Give an account its own object cache on a private socket only it can reach — point WordPress or Laravel at it and database load drops. One toggle. No shared instance for tenants to step on each other in.
Install the one-click helper and the page cache purges the moment a post, comment, theme, or plugin changes. Customers don't see stale pages, and you don't field the "I updated it but it's not showing" ticket. Brotli compression and HTTP/2 are on by default for everyone.
Block attacks, score bad IPs, catch malware. Open tools doing the work, in the box, with nothing extra to license.
A web application firewall with an industry-standard rule set inspects every request before it reaches a customer's PHP — SQL injection, cross-site scripting, the usual probes — and blocks it at the edge. You can switch it to detection-only or off per account when an app needs room.
An IP-reputation firewall drops connections from addresses already flagged for hammering other servers, so the brute-force and scanner traffic is gone before it costs you a PHP worker.
Files are scanned on a schedule and as they're written. When something matches, it's quarantined out of the document root automatically — the live site stops serving it — and you get the finding to review, restore, or delete. Per-account, so one infected site is one account's problem.
Automatic malware removal. It strips malicious code from infected files, restores clean copies from your backups, and re-verifies WordPress core and plugins against official checksums to put the original files back in place. Every action is logged. It's the cleanup step you'd otherwise pay Imunify360 for — included.
So you can decide before you sign up.