When I started my hosting service more than 10 years ago, I tried several control panels. First was cPanel/WHM. What i found was a panel that had a ton of features but nothing much in terms of data security for account holders. if your site got compromised the backups were stored in your account. If your account got compromised…you didn’t have a backup. The lack of the ability to do off-server backups was my main concern, and it was something not offered at the time and is crucial to my hosting model of ransomware resistant hosting. cPanel was also relatively slow on my smaller vps offerings, which make up the vast majority of my clientele, so that also was a factor. Finally there is the cost. cPanel was the most expensive of everything i tired and with their poor record on not only data security for users but also an increasing rate of security vulnerabilities, I ruled cPanel out.
Next was another stalwart, Plesk. Plesk was basically the same thing as cPanel. The UI was different but they didn’t address my data security concerns either and had even more overhead than cPanel. Plesk didn’t has a string of security vulnerabilities at the time of my trials, but it was too similar to cPanel to be a standout in any other way.
I then tried DirectAdmin. This was a feature rich panel. It was fast, supported ipv6…kinda and supported off sever backups…with issues. It was much cheaper than the other two, but the manually process for doing offsite backups turned me off. Their security record has been pretty good over the years.
Finally, there’s Virtualmin. The base version is open source, free in cost, and is a lightweight and fully featured panel. Even the pro version was priced even cheaper than DirectAdmin. While the cost made it attractive, the feature set really stood apart. First was the speed. Even with only two low end CPUs the panel is quick to load and quick to perform most tasks. It can run all users inside their own jails, preventing one user from compromising the others, It easily allows you to setup off-server and offsite backups up to hourly incremental backups. It fully supports ipv6 and with the base installation, the source code being open, makes code inspections easy. this list of features is why i eventually chose and continue to use Virtualmin.
There has also been serious consolidation in the hosting market. cPanel, Plesk and the high end billing platform WHMCS are now all under one parent company. This has led to steep increases in price and some disturbing security issues like the recent CVSS 9.8 critical vulnerability leading to server compromises in cPanel.
ETC Maryland, using Virtualmin, has had servers crash. However,. using the backup system built into Virtualmin, the most downtime the main webserver has suffered has been 12 hours when a physical machine totally failed and a new machine had to be emergency sourced. Now with Web3 being a Virtual machine, the longest outage suffered was 3 hours as an underlying host failed, a new vm was spun up, and then the backups were used to recover all accounts on web 3 within two hours of the outage. Virtualmin has had much better security record, makes setting up data security much simpler, and has a component, Cloudmin, that makes managing multiple physical and virtual servers easy all in one interface. This is why ETC Maryland uses Virtualmin for it’s hosting products and is proud to count ourselves as a client for more than 10 years.