JohnnyVPS Review: Dishonest “Shared” Hosting
Update October 2023: It has come to our attention that Johnny is now trying to rebrand JohnnyVPS into a new name, BlaqPanel, after our successful exposure of his fraud.
JohnnyVPS is a small web hosting brand run by Johnny Nguyen, a blogger from California whose background is primarily marketing. Unfortunately, this lack of technical knowledge is reflected in his aggressive promotion of his brand across Facebook groups, and making “deals” with other bloggers to positively review his company, even when they are not actually using his hosting service.
Despite repeatedly claiming to offer “VPS” servers, this is in fact false — JohnnyVPS (a.k.a. WPJohnny) merely puts dozens of customers on the same “shared” Litespeed/cPanel server, with all the security and performance risks that generic shared hosting has.
As detailed by LittleBizzy, dozens of websites can be found on the same IP address(es) on the cloud servers he runs. It would be one thing if he claimed to be offering shared Litespeed hosting, but he repeatedly (dishonestly) claims to be selling high-end VPS plans. This type of setup, where a single non-clustered server is being shared with several other “strangers”, results in poorer performance, security, and SEO metrics, and can also result in your website being “blacklisted” by databases such as Spamhaus if another customer on the same IP address is sending out illegal email spam — or, if another website gets infected with malware, it can negatively effect your own domain’s reputation (or file integrity, in some cases) as well.
Besides the dishonest marketing and outdated configuration (all customers are simply added using WHM sub-accounts), JohnnyVPS clearly lacks general syadmin and DevOps knowledge. Among other things:
- no CDN or proxy service is included
- customers share the same server and public IP address with dozens of others, which means there is a serious risk of getting your domain blacklisted if any email/phishing spam is sent out by any other website next to you
- all sites run on Apache/Litespeed and require .htaccess, leaving them vulnerable to redirect hacks (and cross-user malware)
- port-scanning and direct connections are not blocked on the origin server
- there is no anti-DDOS or anti-brute force measures in his WordPress configuration
- all customers receive an “F” score on SecurityHeaders.com
If your company is looking for a “real” VPS/cloud server provider, avoid JohnnyVPS — they have zero co-location blocks. All they do is pay for a cheap cloud server on Linode et al and then dump all their customers on the same machine, while marking up the price several times along the way.
A much better deal would be paying just $5/month for a cloud server of your own, and installing the free SlickStack script (or other FOSS script). Not only would your privacy and security be infinitely better, but your performance and peace of mind would be as well.