Both the GM and Ops Manager of my wife's work resigned at the end of last year leaving the owner to do what all great owners do and decide not to replace them. The owner made several staff "go to's" (team leaders without the title or pay rise) and gave staff more autonomy to do what they want (considering they deal with a lot of Central Government and financial information this is very risky).

My wife has taken on some of the duties of the Ops Manager (without the pay rise or title change of course) and has under taken an audit of suppliers at the behest of the owner.

Today she talked to their web developer and got a break down of monthly outgoings for all things website related.

They have been paying a certain large NZ 'cloud company' (a mix of a fair few well known NZ ISP's) $573.39 per month for the following VPS, for many years:

• 2 vCPU's


• 4gb's RAM


• 22gb's Storage + 7 day backup retention (onsite)


• Plesk Web Pro


• Managed Compute (includes 'standard patching')


• Managed Compute (includes 'enhanced management and monitoring') [nearly half the total bill]


• A single IPv4 address


• NZ Hosted

Their developer pointed out that they were still running PHP 5.6 up until today (when an upgrade was requested) and that the Plesk version was so out of date that they couldn't actually upgrade to PHP7.4 (the latest version they could upgrade to) without doing several cycles of Plesk upgrades. This server hosts a Wordpress site - public facing. I don't know what OS they are on, nor the hardware specs. When they requested an upgrade of PHP the provider initially recommended leaving it be as it could break their site...

They've also been paying $40 a month for a premium DNS provider with failover A records... they only have 1 Server/IP and have only had one for many years.

I'm shocked that neither their developer nor the provider have ever taken a look at the account and checked if it is still fit for purpose. My wife will start the move tomorrow to a business grade NZ shared hosting provider and Cloudflare Pro. They really don't need much, the site gets some traffic but not enough to justify a VPS (they'd be lucky to push more than 10gbs a month).

I've suggested that she contact their current provider and make a complaint about the complete lack of care their 'enhanced management' package has provided and seek out a refund. Am I overreacting here thinking that leaving them on a PHP version that was EOL over 3 years ago (I doubt the OS is anymore up-to-date) is beyond careless and reckless? Especially when it hosts a Wordpress install?

The old GM was a technophobe and put everything like this into the too hard basket hence an audit only happening now.