Scope of Support

Q: Can I access .htaccess?

An . htaccess file applies to websites hosted on an Apache web server. WP Cloud uses NGINX.

Q: Can I set up custom redirects through .htaccess?

While Bluehost Cloud hosting does not support a . htaccess to set up custom redirects, setting up redirects is as simple as creating a custom- redirects.php file in your htdocs directory on your Cloud site . Depending on the type of redirect you’d like to add, you’ll need to add some custom php code to this file.

Bluehost Cloud for Agencies

Dedicated Phone Support

Online Chat Support

Ticketed Support

Private LinkedIn Group
(Agency Exclusive)

	Agency: Member	Agency: Gold	Agency: Platinum
Dedicated phone support	24 x 7 x 365	Priority 24 x 7 x 365	Priority 24 x 7 x 365
Online chat support	24 x 7 x 365	Priority 24 x 7 x 365	Priority 24 x 7 x 365
Ticketed email support	24 x 7 x 365	24 x 7 x 365	24 x 7 x 365
Private LinkedIn Community	✔️	✔️	✔️

Looking for help with Billing and Sales questions? Call 844-303-1730. Teams available M-F, 9am-5pm ET.

What's In-Scope

Cloud Support

Account and Billing Support

Account manager navigation
Billing inquiries
Domain management (Moving domains between accounts, transferring domain registration, or walking you through purchasing a new domain when applicable)

Looking for help with Billing and Sales questions? Call 844-303-1730. Teams available M-F, 9am-5pm ET.

Website and Server Management

We will assist with DNS management (adding/removing DNS records when applicable)
Malware scan/removal – We can scan for and remove malware, but we cannot provide RCA’s or determine the infection vector.
Walk you through creating an SSH/SFTP user and connecting to a terminal or client.
We will assist you with website migrations (Walk you through doing one, and we’ll have you do the rest).
We will assist with resolving 4xx/5xx errors on your website.

WordPress and Optimization Assistance

WordPress plugin/theme configuration*
We will recommend solutions for optimizing your website when applicable.
We will walk you through managing your server resources and how to allocate more when needed.
We will make simple edits/changes for the customer with written/verbal approval

*Disclaimer: Our team can help with the initial setup and basic configuration of WordPress plugins and themes, ensuring they are installed and activated properly within your environment. Within reason, we can assist with configuring default settings, resolving compatibility issues, and offering guidance on common configuration options available in the plugin or theme documentation. Please note, support is limited to helping you with standard configurations. Customizations, advanced features, or complex functionality that require development expertise are outside the scope of our support and may require assistance from a developer.

Migrations

With our Pro Site Migration service, our in-house professionals help customers seamlessly migrate their website from another provider to us. We migrate as-is. During the migration, no data will be deleted from the customers’ server – we simply copy data to our server to ensure business continuity for our customers

Migration of one website per purchase
Websites must come from 3rd party Linux based hosting companies
We will migrate only WordPress sites, as long as access to the source website is provided.
Websites on WordPress.com (Not recommended because of limitations with data, themes, and plugins) must agree to disclaimer.
Migrations can be done between fellow company brands.
Notification of DNS changes the customer will have to do (migration team will tell the customer what new DNS will be)

We provide comprehensive migration support, including email assistance throughout the migration process, dedicated ticket support during the 14-day review period, and 24/7 technical support via chat and phone after the migration is complete.

What's Out of Scope

Cloud Support

Don’t make changes to any core files or any hosting account information.
No custom coding, HTML, or PHP
No Graphic Design or Image Editing
No Custom API Connections
No MLS/IDX (Real Estate of Properly Listings)
No Click Funnels
No Drop-shipping Websites
No Marketplace websites (like Amazon or Ebay)
No Auction Websites (like Ebay or OfferUp)
No Multi-Level Marketing (Custom Affiliate Websites)
No HIPAA/ADA Compliance Websites
No Weapons & Artillery
No Explicit Content (Nudity and 18+ Websites)
Not WordPress developers
Don’t teach WordPress developer concepts (such as Full Stack Developer)
Don’t fix broken plugins or themes
Don’t troubleshoot WordPress multi-site
We do not support any non WordPress CMS (Joomla, Drupal, Wix, etc.)
We cannot assist with making sure sites are PCI compliant. (PCI compliance is dependent on the payment gateway used by the site)

Migrations

Migrations to Windows hosting accounts
Email migrations are not included in this service
The website being migrated is done as is. The migration team will not make any modifications/fixes
Websites with malware will not be migrated to our servers
Autoresponders, cron jobs are not migrated
Dedicated IPs, DNS – however, we will let them know when it’s time for them to point.
Domain Registration Transfer (against company policy)
FTP accounts
SSL Certificates
URL Changes
Proprietary Websites (Google Sites, Intuit, Etsy, etc)

Customer responsibilities

Note: You may need to contact your old host or look through your emails to obtain or find some of this information.
Provide access to the source account. In a timely manner – Our migration team will need access to your website’s files and databases to process your migration request.
This may include but is not limited to access to your hosting company’s control panel, account username, and password.
Check your email regularly for updates from the migration team
14 day review period – report any changes through the request change form within 14 days of completion
DNS Update: Customers are responsible for updating DNS settings post-migration, and we provide instructions to ensure timely updates.

Included Add-ons

Security

Jetpack Protect

A WordPress security solution designed to safeguard your site by scanning for vulnerabilities, protecting against brute force attacks, and ensuring core files haven’t been tampered with.

Maintenance

Jetpack Manage

A site management tool within Jetpack that allows you to control multiple WordPress sites from a single dashboard, offering features like plugin and theme updates, site backups, and downtime monitoring.

SEO

Yoast Premium

A premium SEO plugin for WordPress that helps optimize your site’s content for search engines with advanced features like redirect management, internal linking suggestions, and support for multiple keywords.

SPAM

Akismet Anti-spam

A powerful anti-spam plugin for WordPress that automatically filters out spam comments and form submissions, keeping your site clean and secure.

Server Specs

The following examples are as of January 2024 and do not reflect ongoing upgrades.

Servers	NGINX
CPU	Currently, mostly AMD EPYC Rome CPUs (64 core/128 thread), moving to AMD EPYC Milan CPUs (64 core/128 thread)
PHP / CPU	Default of 10 PHP Workers / CPU threads. Depending on client settings and availability, can spike/burst up to 110 total if needed.
Network	Redundant 25Gbit network connectivity per server.
Storage	NVMe SSDs
Scaling	active/passive server setup on bare metal, giving us the ability to scale up to hundred+ CPU cores (110 in bursts) while maintaining a real-time replica in a different region with automatic failover. Vertical scaling instead of horizontal scaling.
Origin data centers	4 origin centers (Amsterdam, Ashburn, Dallas, Los Angeles)
Edge / CDN	27 global data centers serve as a CDN and edge cache for your content.
Memory	512MB each PHP worker/process.
Caching*	Page Cache (Batcache, Memcached), Query Cache (WordPress Persistent Object Cachcing, via Memcached), Edge Cache (page and static asset caching at edge), OPcache.

*NOTE: Because caching is taken care of at each level by Bluehost Cloud, it is recommended that other caching solutions/plugins (WP Rocket, WordFence, etc) are not used. These can conflict with provided caching.

PHP Configuration & Modules

The following settings are statically set by the platform and cannot be modified per site.

To verify current settings and modules available, create and access a phpinfo.php on a site with the following snippet.

				
					<?php 
    phpinfo(); 
?>

As of January 24, 2024, sites have the following set.

memory_limit	512 MB
post_max_size	2 GB
max_execution_time	850
max_input_vars	6144
cURL version	8.10.1 or higher
MySQL version	MariaDB
Max upload size	2 GB
SUHOSIN installed	❌
ionCube installed	❌
ImageMagick installed	❌
Sodium installed	✅
Default timezone	UTC
PDO_MYSQL installed	✅
GD installed	✅
fsockopen/cURL	✅
SoapClient	✅
DOMDocument	✅
GZip	✅
Multibyte String	✅
Remote Post	✅
Remote Get	✅

Active modules

apcu
bcmath
calendar
cgi-fcgi
Core
ctype
curl
date
dom
exif
fileinfo
filter
gd
gmagick
gmp
hash
iconv
imap
intl
json
libxml
mbstring
mcrypt
memcache
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
Reflection
session
shmop
SimpleXML
soap
sockets
sodium
SPL
sqlite3
standard
sysvsem
sysvshm
timezonedb
tokenizer
xml
xmlreader
xmlwriter
xsl
Zend OPcache
zip

Security

Security & HTTP Headers

Pre-configured Security Headers: WP Cloud automatically optimizes and sets crucial HTTP headers, such as:
- Strict-Transport-Security (HSTS): Enforces HTTPS access (not modifiable).
- X-Frame-Options: Protects from click-jacking attacks, with SAMEORIGIN applied to /wp-admin/.
- X-XSS-Protection: Guards against cross-site scripting attacks.
- X-Content-Type-Options: Prevents MIME type sniffing.
- Referrer-Policy: Configurable, offering privacy-focused referrer options.
- Content-Security-Policy: Limits resource loading, enhancing protection against XSS attacks.
Customizable Headers: End-users can modify specific headers (e.g., X-Robots-Tag, Access-Control-Allow-*) using tools like the Redirection plugin or a custom-redirects.php file.
Cache-Control Configuration: While Batcache handles dynamic asset caching, advanced users can apply custom configurations for specialized caching needs.

Firewall Protections

Inbound Firewall: Supports TCP traffic over ports 80 (HTTP) and 443 (HTTPS).
Outbound Firewall: Restricts traffic to essential protocols and ports (e.g., SMTP, HTTP/S).
Web Application Firewall (WAF):
- Protects against malicious requests using NGINX ModSec with custom rules.
- Blocks suspicious activity with HTTP status 406 (Not Acceptable).

Performance & Security Isolation

Resource Isolation: Linux kernel namespaces and cgroups ensure each site is isolated for performance and security.
Rate Limiting: Automated limits mitigate the impact of resource-heavy sites or attacks like DDoS.
Burst Capability: Sites can temporarily use additional resources when available, ensuring stability for other users.

Advanced Security Customizations

Custom Redirects: Agency users can create tailored behaviors via custom-redirects.php, enabling:
- Adding security headers (if not pre-set).
- Implementing geoblocking.
- Restricting access by IP or URI.

HTTP Status Codes

Reserved codes for specific situations:
- 429: Rate limiting.
- 406: WAF-related blocks.
- 403/410/451: Security and access restrictions.

Support for Agencies

Preconfigured defaults are designed to minimize the need for manual intervention.
Advanced customization options are available for developers with specific needs.
Full isolation and burst capabilities provide a reliable and secure hosting experience, even for high-traffic or resource-intensive sites.

FAQ

Can I access .htaccess?

An .htaccess file applies to websites hosted on an Apache web server. WP Cloud uses NGINX.

Can I make changes to the NGINX configuration?

It is not possible to modify the NGINX configuration at this time.

Can I make changes to php.ini?

It is not possible to modify php.ini settings at this time.

How can I increase the allowed memory size?

The PHP settings on sites hosted on the WP Cloud infrastructure cannot be changed and are globally fixed for all sites. WP Cloud regularly reviews memory utilization to determine current trends and needs to ensure the set allowed memory size is the best fit for all ranges of sites.

In general, memory exhaustion issues on a site are caused by plugins or themes that are not functioning correctly, not by a lack of memory. To solve memory problems, it may be necessary to perform plugin/theme/code snippet conflict checks, analyze databases, and deploy general troubleshooting practices.

Is Brotli and GZip compression supported?

WP Cloud enables Brotli compression at the server level by default. If a browser that doesn’t support or blocks Brotli is used, then GZIP compression is used as the fallback.

Can I use ionCube Loader or ZendGuard Loader?

As of January 2024, WP Cloud does not support or install the ionCube or ZendGuard Loader extensions.

Is Imagick available?

Imagick is not available as of January 2024.

Can I set up custom redirects through .htaccess?

While Bluehost Cloud hosting does not support a .htaccess to set up custom redirects, setting up redirects is as simple as creating a custom-redirects.php file in your htdocs directory on your Cloud site. Depending on the type of redirect you’d like to add, you’ll need to add some custom php code to this file.

Last updated: June 26, 2025