Services Hosting & Servers Tools Blog Search Company TürkçeTR
Get a Quote

“Is IHS reliable?” is one of the most common threads on Turkish hosting forums and complaint platforms. The answer cannot be reduced to a single “yes” or “no,” because reliability is not an abstract adjective — it is a measurable bundle of properties: uptime SLA, support response time, billing transparency, panel access, backup cadence, contractual arbitration rights, ease of transfer, and recurring patterns in real customer records. This guide goes through each of those criteria for IHS Telekom (ihs.com.tr) specifically and offers a vendor-neutral decision framework.

Related guides: Hosting types and how to choose · VPS vs. VDS differences · Domain names and WHOIS lookup · Changing DNS settings · Let's Encrypt SSL setup · Site management with cPanel

All price ranges, uptime figures, and support metrics in this article are compiled from open sources (the official site, independent review sites, complaint platforms, forum discussions) as of early 2026. They are approximate values and can shift depending on the provider's campaign or package. Keep in mind that any decision needs to be weighed against your own scenario (corporate site, e-commerce, high-traffic blog, developer test environment).

Who Is IHS Telekom? History, Accreditations, and Customer Base

IHS Telekom is a Turkey-based domain registrar and hosting provider operating since 1999. According to the information published on its official site, it serves more than 100,000 individual customers and thousands of corporate clients; Istanbul is highlighted as its data center location. Being one of the few accredited.tr domain registrars in Turkey has helped them earn a meaningful share of the corporate market on the domain side.

Their corporate references include large retail chains, banking infrastructure providers, traditional media organisations, and public-sector projects. In terms of scale, IHS can fairly be called one of the three largest hosting companies in Turkey — but “being big” is not the same as “being reliable.” The rest of this review focuses on separating the two.

Service Lineup

  • Domain:.com,.net,.org,.com.tr,.tr,.biz.tr,.info,.co,.io,.xyz, plus dozens of newer TLDs
  • Shared hosting: Linux and Windows; cPanel, Plesk, or their in-house panels
  • WordPress hosting: packages with LSCache + LiteSpeed integration
  • VPS: KVM-based, NVMe SSD, configurations roughly $3-25/month
  • VDS / dedicated server: for corporate customers needing higher isolation and guaranteed resources
  • Reseller hosting: for those reselling under WHM
  • SSL certificates: RapidSSL, GeoTrust, DigiCert; plus Let's Encrypt integration
  • Business email: SmarterMail or MailEnable-based solutions

That lineup is broad enough to satisfy SMBs that want “a single vendor for the entire web stack.” The breadth is both a strength (one invoice, one panel) and a weakness (specialisation gets diluted across too many product lines).

Defining “Reliability”: Not Marketing, Measurable Criteria

In a hosting context, reliability is a composite property that has to be evaluated along at least six dimensions. If you keep these in mind, you can objectively measure any provider — not just IHS.

  • Technical reliability: contractual uptime SLA, actual measured uptime, planned/unplanned maintenance windows, backup cadence, RTO/RPO values
  • Operational reliability: support response time (first response + resolution), 24/7 availability, ticket escalation path, language support
  • Commercial reliability: billing transparency, auto-renewal policy, refund terms, absence of hidden fees
  • Legal reliability: KVKK compliance, data-storage jurisdiction, contractual liability caps, arbitration and court procedures
  • Customer control: full panel access, root SSH (for VPS/VDS), DNS management, email management, ease of transfer (no lock-in)
  • Reputation: resolution rate on complaint platforms, long-term user comments on forums, independent review sites

A provider can be excellent on five of these six dimensions and weak on the sixth, and a single bad month can erase its reputation. Let's walk through each dimension as it applies to IHS.

Dimension 1 — Technical Reliability: Uptime, Maintenance, Backups

Based on averages from independent review sites (websiteplanet, hostadvice, etc.) and user reports, IHS shared hosting packages measure around 99.94% uptime on a weekly basis. Annualised, that's roughly 5 hours 16 minutes of downtime per year — slightly below the 99.95% (4.4 h/year) bar that's common in enterprise contracts, but above 99.9% (8.7 h/year). It corresponds to “available most of the time, but expect a handful of noticeable outages over the year.”

Records on complaint platforms also show edge cases around that statistical average: some users report patterns like “we couldn't reach our service for about 8 hours in a single day,” “our sites have been down for a day,” or “5 minutes up, 5 minutes down.” These kinds of incidents happen at every large provider from time to time; what matters is whether the company reports them transparently, publishes post-mortems, and gives customers a written RFO (Reason For Outage).

How to Independently Verify Uptime

You don't have to take the provider's word for their uptime. On top of the techniques in our Prometheus and Grafana server monitoring guide, run independent measurements with third-party tools.

# Simple blackbox check — UptimeRobot, Pingdom, StatusCache, Better Stack
# A quick cron-uptime test from your own machine:
*/1 * * * * curl -s -o /dev/null -w "%{http_code} %{time_total}\n" \
 https://yoursite.com/ >> /var/log/uptime.log 2>&1

# A practical 5-minute availability report (last 24 hours)
awk 'BEGIN{ok=0;fail=0}
 $1=="200"{ok++}
 $1!="200"{fail++}
 END{printf "Uptime: %.4f%% (%d/%d)\n", ok/(ok+fail)*100, ok, ok+fail}' \
 /var/log/uptime.log

# Test at the DNS and TCP layer too (HTTP may be answering,
# but TLS handshake or DNS may be broken):
dig +short A yoursite.com @1.1.1.1
openssl s_client -connect yoursite.com:443 -servername yoursite.com \
 -tls1_3 < /dev/null 2>&1 | grep -E 'subject|issuer|Verify return'

Ideally, use an uptime service that probes from at least two independent regions (e.g., Frankfurt + Istanbul + the US); single-region measurements can blame the provider for what is actually an ISP or BGP routing problem. You can cross-verify the consistency of your records with our DNS lookup tool.

Backup Policy

IHS shared hosting packages reportedly take weekly backups by default, but those backups are kept on the same server and there's no self-service downloadable export for the customer. That's an important point: even if the backup exists, when the physical server fails the backup on the same disk can be lost with it. For professional use, do off-site backups yourself: as we explain in our 3-2-1 backup rule guide, on at least two different media, with one of them off-site.

# Automated off-site backup from a cPanel account (to an S3-compatible target)
#!/usr/bin/env bash
set -euo pipefail

HOST="yoursite.com"
USER="cpaneluser"
DATE=$(date +%Y%m%d-%H%M)
LOCAL="/tmp/${USER}-${DATE}.tar.gz"
REMOTE="s3://my-backup-bucket/${HOST}/"

# 1) Trigger a full backup via the cPanel API
curl -s -u "${USER}:${CPANEL_TOKEN}" \
 "https://${HOST}:2083/execute/Backup/fullbackup_to_homedir" -o /dev/null

# 2) Download locally over FTP/SFTP
sftp ${USER}@${HOST}:public_html/backup-*.tar.gz ${LOCAL}

# 3) Upload to S3 (Hetzner Object Storage, Backblaze B2, Cloudflare R2 are all compatible)
aws s3 cp "${LOCAL}" "${REMOTE}" --storage-class STANDARD_IA

# 4) Clean up the local copy
rm -f "${LOCAL}"

# 5) Delete remote backups older than 90 days (also doable with a lifecycle policy)
aws s3 ls "${REMOTE}" | awk '$1 < "'"$(date -d '90 days ago' +%Y-%m-%d)"'"{print $4}' \
 | xargs -I{} aws s3 rm "${REMOTE}{}"

If you run this script as a nightly cron, you guarantee an RTO of 4 hours and an RPO of 24 hours independent of your provider.

Dimension 2 — Operational Reliability: Support Response Time

Customer support is the most subjective component of any hosting evaluation, and at the same time one of the most decisive. According to IHS's official statements, live support runs weekdays 09:00-18:00, Saturdays 11:00-15:00; the e-ticket system is open 24/7 with an average response time of around 30 minutes. WebsitePlanet's report quotes ~15 minutes on live chat and ~1 hour on tickets as the average.

The pattern on complaint platforms tells a different story: being unreachable on weekends and at night during critical outages is one of the most frequently raised issues. That's a reasonable trade-off: it's economically impossible for a provider to staff engineers 24/7 for a $50/year shared hosting package. If you operate a mission-critical system (e.g., a payment flow or a B2B API), shared hosting's support model already isn't for you — you should be on managed VPS or a corporate-contract hosting plan.

How to Test Support Quality

Before paying annually, if you have a 30-day refund window, run these tests:

  • Open a non-critical ticket on Saturday at 23:00 and time the first response
  • Deliberately ask a technical question that has no solution (e.g., “enable Redis on my server” when shared hosting can't); measure the clarity of the answer
  • File a ticket about something that ought to be self-service (like a backup request); see whether they push you toward self-service
  • Request a phishing-imitating email forwarding rule; how high is their security awareness?
  • Request a domain transfer (auth code / EPP); how quickly and with how much friction is it issued?

The output of these tests gives you 30 days' worth of evidence on the provider's operational reliability. The KEYDAL team applies this protocol to every provider in its own audit service.

Dimension 3 — Commercial Reliability: Billing, Renewal, Refunds

On IHS's official site, a 30-day unconditional money-back guarantee and a 2-months-free promotion on annual plans are clearly advertised. That's on the good side of the industry standard. However, complaint-platform records highlight two recurring patterns:

  • Renewal price gap: customers are billed at the promo price the first year and auto-renewed at list price in year two. This is normal at every large hosting company, but Turkish-language contracts don't always spell it out clearly
  • Domain auto-provisioning: cases where a purchase doesn't show up in the panel and requires a manual support ticket to fix
  • Transfer fees: for some TLDs, complaints about the price gap between transfer and renewal

These issues usually get resolved once they hit a ticket, but they require the customer to track them proactively. In a corporate accounting workflow, that becomes another control item on the checklist.

Managing Auto-Renewal

  • Set a calendar reminder 30 days before your domain expires
  • Verify that auto-renewal is configured per product (hosting can be on while domain is off)
  • Compare the “offered price” in the panel against transfer prices before renewing
  • Archive PDF copies of invoices; you may need them later for VAT refunds, etc.
  • Find out in the contract what happens if you don't renew within 30 days (grace period, redemption period)

You can always cross-check the expiry date and registrar of your domain with our WHOIS lookup tool.

A hosting company operating in Turkey that stores customer data in Turkey is subject to KVKK (Law No. 6698 on the Protection of Personal Data). IHS stands out here for keeping its servers in Istanbul; for projects in healthcare, finance, and the public sector that fall under KVKK, that's a critical advantage. We cover application-layer security in our OWASP Top 10 2026 guide, and the transport layer in our HTTPS and TLS 1.3 guide.

There are three legal points to watch for:

  • Data-storage jurisdiction: where backups are kept (Turkey, North Cyprus, the EU, the US) must be explicit in the contract. Some providers operating via North Cyprus are known not to issue VAT invoices
  • Liability cap: most hosting contracts cap damages at the last 12 months of fees. If you pay 200 TL/year for a package and your business loss is 50,000 TL, you'll only get 200 TL back
  • Acceptable use policy: providers reserve the right to immediately suspend the account for spam, crypto mining, copyright violations, and similar. Make sure the customer notification window is in the contract

For any hosting plan where you spend more than 1,000 TL/year, don't hesitate to request a custom contract. Standard terms are enough for an average SMB, but for high-risk workloads (financial, healthcare, e-commerce peak seasons) it's worth negotiating.

Dimension 5 — Customer Control: Panel, SSH, Transfer

The level of control a hosting provider gives you determines how easy it is for you to “not get locked in.” IHS offers three different control levels by package type:

  • Lowest (entry-level shared, like “Nano”): a limited in-house panel, no FTP or restricted FTP, and possibly no database access
  • Mid (cPanel/Plesk shared): standard cPanel/Plesk UI, FTP/SFTP, MySQL, email management; SSH usually disabled
  • Top (VPS/VDS): full root, your choice of OS, your own panel install (cPanel/Plesk/Hestia/no panel)

A reasonable rule of thumb: avoid any plan that doesn't run cPanel or Plesk. Those panels are the industry standard; when you eventually move to another provider, the same interface and one-click migration tooling (e.g., cPanel WHM Transfer Tool) shrink the move from days to a single evening. Provider-specific panels turn migration into a nightmare.

Transfer Preparation: An Evening Exit Plan

Before signing a yearly contract with any provider, estimate the cost of leaving. The script below gets a cPanel account ready for migration to another server with a full backup + DNS export + email export.

#!/usr/bin/env bash
# Full-backup scenario before a hosting move
set -euo pipefail

OLD="old-host.com"
NEW="new-host.com"
USER="siteuser"
WORK="/tmp/migrate-$(date +%s)"
mkdir -p "$WORK" && cd "$WORK"

# 1) Full file set (FTP/SFTP)
rsync -avz --progress \
 "${USER}@${OLD}:public_html/"./public_html/

# 2) All MySQL databases
mysqldump -h "$OLD" -u "$USER" -p \
 --single-transaction --quick --routines --triggers \
 --all-databases > all-dbs.sql

# 3) Export the DNS zone as a zone file
dig @"$OLD" yoursite.com AXFR > zone-export.txt 2>/dev/null || \
 echo "AXFR closed — export manually from the panel"

# 4) Pull email accounts in mbox format (over IMAP)
for mailbox in info admin sales; do
 imapsync --host1 "mail.${OLD}" --user1 "${mailbox}@yoursite.com" \
 --host2 "mail.${NEW}" --user2 "${mailbox}@yoursite.com" \
 --automap || true
done

# 5) Compress and encrypt (for off-site storage)
tar czf - public_html/ all-dbs.sql zone-export.txt | \
 gpg -c --cipher-algo AES256 -o "site-migrate-$(date +%Y%m%d).tar.gz.gpg"

echo "Migration package ready: $WORK"
ls -lh "$WORK"

Run this script as a dry run before signing a yearly contract. If your provider blocks mysqldump, rsync, or imapsync, your lock-in risk is high.

Getting a Domain Transfer Code (Auth Code / EPP)

For gTLDs like.com /.net /.org, requesting it 60 days in advance and disabling registrar lock is enough. For.tr domains the process is slightly different; we cover the details in our Domain and WHOIS guide.

# Pulling an auth code from the IHS panel (typical flow)
1. https://panel.ihs.com.tr → Login
2. My Domains → relevant domain → Manage
3. "Get Transfer Code" / "EPP Code" button
4. Confirmation email: within 5-15 minutes
5. Enter the code with the new registrar + confirm via the WHOIS email

# If you can't find the button:
→ Open a ticket: "I'm requesting the domain transfer code (EPP)"
→ They may ask for ID verification under KVKK
→ Legally they must provide it within 5 business days (ICANN policy)

Dimension 6 — Reputation: How to Read Complaint Platforms Correctly

Sites like Şikayetvar, Ekşi Sözlük, Technopat, R10, and Eksisi are valuable — but misleading if read incorrectly. The bigger a hosting company, the higher the absolute number of complaints; what matters is the ratio. For IHS specifically:

  • Total scale: 100,000+ individual + thousands of corporate customers
  • Total complaints on Şikayetvar: ~91 (all-time, all categories)
  • In the hosting category: ~38
  • In the domain category: ~19
  • Complaint/customer ratio: roughly under one in a thousand
  • Average rating: middling across 7 reviews

Those numbers aren't “catastrophic” for a provider; they're at or below the industry average. What matters are the recurring patterns:

  • Is the same complaint repeated by multiple users over months?
  • How quickly and in what tone does the company respond?
  • Is the resolution actually a resolution, or boilerplate?
  • Are complaints marked “resolved” genuinely closed?

For IHS specifically, the recurring patterns are: weekend and night-time support access, suspected dead-account issues (no automatic activation), hosting and email going down together, and price surprises on automatic domain renewals. These aren't fatal flaws but they are real operational weak spots.

Performance Comparison: IHS vs. Industry Benchmarks

WebsitePlanet's 2026 measurements put IHS shared hosting at an average page load of 1.7 seconds with a PageSpeed score of 67. Those numbers are reasonable for a Turkey location, but without a global CDN they are 30-50% slower for visitors in the EU or the US. If your Core Web Vitals 2026 targets include LCP under 2.5s, a basic Cloudflare integration is mandatory.

The table below sketches a rough positioning of leading Turkish providers (vendor-neutral, in no particular order):

  • IHS Telekom: since 1999, broad lineup,.tr accreditation, Istanbul DC, mid-to-upper price
  • Natro: longstanding player, dominant in the SMB market, cPanel/Plesk standard
  • Turhost (Doruk Net): enterprise-focused, premium pricing, relatively stricter SLA
  • Hostinger Turkey: low price, hPanel (their own panel), global infrastructure
  • İsimTescil: domain-heavy, hosting secondary
  • Veriteknik / Radore / Sayfa.com.tr: niche enterprise segment
  • International options: Hetzner, OVH, DigitalOcean, Linode, Contabo — require self-management

Which one is “the best” depends on your use case. If KVKK compliance is critical, choose Turkey-located; if developer flexibility is critical, choose an international VPS; if you're price-sensitive, the global low-cost players make sense.

IHS Strengths

  • .tr accreditation: direct registrar access for.com.tr,.org.tr,.gov.tr, etc. (no middleman)
  • Turkey location: KVKK compliance, low domestic ping (~5-15ms)
  • Established scale: 25 years of operations, financial sustainability (low risk of provider closure)
  • Broad product lineup: from domain to dedicated server on a single invoice
  • Turkish-language docs and support: minimal communication friction for local customers
  • Promotional entry pricing: 2 months free on annual plans plus a low starting price
  • Money-back guarantee: 30 days, unconditional
  • SSL certificates: both paid (RapidSSL/GeoTrust/DigiCert) and free (Let's Encrypt) integrations

IHS Weaknesses / Disputed Areas

  • Weekend / night support: insufficient for mission-critical systems
  • Panel limitations on entry-level plans: lack of cPanel/Plesk hurts portability
  • Backups aren't self-service: off-site backup is the customer's responsibility
  • Auto-renewal price gap: jump to list price in year two is a recurring complaint
  • Initial activation hiccups: some users report delivery issues that need manual intervention
  • No global CDN: an extra layer (Cloudflare, etc.) is required for international visitors
  • Hidden limits on “unlimited” plans: inode caps such as a 200,000-file limit
  • SSH disabled on some plans: restrictive for developers

Decision Matrix: When IHS Fits and When It Doesn't

IHS is a reasonable choice in scenarios such as:

  • Small-to-medium corporate sites that require KVKK compliance and a Turkey location
  • Blogs or corporate brochure sites with a predominantly local audience
  • Projects that need a.tr domain registration
  • WordPress sites with annual traffic in the 100K-500K visitor range
  • Customers with dedicated/VDS requirements who must keep the physical server in Turkey

In the following scenarios, consider other options:

  • 24/7 mission-critical workloads (payment flows, B2B APIs, SaaS with uptime contracts)
  • Modern stacks that demand high developer flexibility (Docker, Kubernetes, custom runtimes)
  • E-commerce with 1M+ monthly visitors that needs a global CDN
  • Ultra-low-budget personal projects (an international low-cost VPS may make more sense)
  • Compute-heavy workloads that demand bare-metal performance (ML training, video encoding)

Pre-Contract Checklist: Due Diligence in 15 Items

  • Is the uptime SLA written into the contract? (not just verbal)
  • Is the compensation/credit mechanism for SLA breaches clearly defined?
  • Are backup frequency, retention, and restore procedures documented?
  • Are off-site backups allowed? (rsync, mysqldump, SFTP available?)
  • Does the plan use the standard cPanel or Plesk panel?
  • Can SSH access (even jailed) be enabled?
  • How many cron jobs are allowed and at what cadence?
  • SMTP / IP reputation: is the IP block currently on a blacklist? (check via mxtoolbox.com)
  • Can you add SPF/DKIM/DMARC records from your own DNS for email?
  • Is DNS management free in the panel, or only NS changes?
  • For KVKK compliance, is a privacy notice or VERBIS registration shared?
  • Are VAT invoices issued? (some North Cyprus-based providers don't)
  • Is the auto-renewal price the promo price or the list price?
  • Is the procedure for invoking the 30-day refund documented?
  • Is the domain auth code self-service or ticket-based?

Don't sign a yearly contract until you have written answers to these 15 items. Some of the answers will be in the contract, some in the FAQ, and some in support tickets — each of them is a record you can later use as evidence.

Practical Health Check: Test Your Existing Hosting

If you're already on IHS or another Turkish host and want to test the “is it reliable” question against your own server, the following command set gives you a quick snapshot.

# 1. DNS health
dig +short A yoursite.com
dig +short MX yoursite.com
dig TXT yoursite.com | grep -E 'spf1|DKIM|dmarc'

# 2. TLS / certificate health
echo | openssl s_client -servername yoursite.com -connect yoursite.com:443 2>/dev/null \
 | openssl x509 -noout -dates -subject -issuer

# 3. HTTP response time (5 consecutive runs)
for i in 1 2 3 4 5; do
 curl -o /dev/null -s -w "$i: %{http_code} | dns: %{time_namelookup}s | conn: %{time_connect}s | tls: %{time_appconnect}s | total: %{time_total}s\n" https://yoursite.com
done

# 4. HTTP/2 and HTTP/3 support
curl -sI --http2 https://yoursite.com | head -1
curl -sI --http3 https://yoursite.com | head -1 # requires curl 7.66+ with HTTP/3 build

# 5. Security headers
curl -sI https://yoursite.com | grep -iE 'strict-transport|content-security|x-frame|x-content-type|referrer'

# 6. Quick SSL Labs-style scan (testssl.sh)
./testssl.sh --severity HIGH https://yoursite.com

# 7. Mail IP reputation (PTR + RBL check)
MAIL_IP=$(dig +short A mail.yoursite.com)
dig +short -x "$MAIL_IP"
for rbl in zen.spamhaus.org bl.spamcop.net dnsbl.sorbs.net; do
 REVERSED=$(echo "$MAIL_IP" | awk -F. '{print $4"."$3"."$2"."$1}')
 echo -n "$rbl: "
 dig +short "$REVERSED.$rbl" || echo "clean"
done

If the entire output is clean (200 responses, valid certificate, SPF/DKIM/DMARC present, clean RBLs, total time under 800ms, HTTP/2 enabled), your provider is doing its job. Conversely, if you see 5xx errors, an expired certificate, an IP listed on an RBL, or total time above 3s, raise it with your provider — and if they can't fix it, it's time for a comprehensive performance audit.

WordPress-Specific Performance Tips on IHS

The most common workload on IHS in Turkey is WordPress. If you're already running WordPress on IHS hosting, here are a few ways to get the most out of the package's physical capacity:

  • Enable the LSCache plugin: if a LiteSpeed server is in use, server-level cache is free and one-click. Our LSCache guide
  • Add the free Cloudflare plan: an NS change cuts LCP for visitors outside Turkey roughly in half
  • Convert images to WebP/AVIF: server-side bulk conversion (instead of a plugin) doesn't tax CPU
  • Delete plugins you don't use (deactivating isn't enough): every plugin means more DB queries
  • Object cache: if Redis is available, enable it via the redis-object-cache plugin
  • Image lazy loading: native HTML loading="lazy" — no JS plugin needed
  • Lean theme: GeneratePress, Astra, Kadence — bloated themes kill PHP

With these seven items, an IHS shared plan can comfortably carry 50K-100K monthly visitors.

Hardening on a VPS / VDS

If you bought a VPS/VDS from IHS, the default install is bare — hardening is entirely on you. Run the commands from our VPS security hardening guide in priority order:

#!/usr/bin/env bash
# New VPS — first 30-minute hardening menu
set -euo pipefail

# 1) Update system
apt update && apt upgrade -y
apt install -y unattended-upgrades fail2ban ufw curl wget vim
dpkg-reconfigure -plow unattended-upgrades

# 2) Add user, disable root SSH
adduser deploy
usermod -aG sudo deploy
mkdir -p /home/deploy/.ssh && chmod 700 /home/deploy/.ssh
cp ~/.ssh/authorized_keys /home/deploy/.ssh/
chown -R deploy:deploy /home/deploy/.ssh

sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i 's/^#*Port 22/Port 22022/' /etc/ssh/sshd_config
systemctl restart sshd

# 3) Firewall — UFW
ufw default deny incoming
ufw default allow outgoing
ufw allow 22022/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw --force enable

# 4) Fail2ban — SSH brute-force protection
cat > /etc/fail2ban/jail.local <<'EOF'
[sshd]
enabled = true
port = 22022
bantime = 24h
findtime = 10m
maxretry = 3
EOF
systemctl restart fail2ban

# 5) Automatic security updates
cat > /etc/apt/apt.conf.d/20auto-upgrades <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
EOF

echo "Baseline hardening done. Next: TLS, monitoring, log shipping."

Once this baseline hardening is done, you can take the server to production-ready with our detailed Fail2ban configuration, Let's Encrypt SSL, Nginx reverse proxy, and Prometheus + Grafana monitoring.

Domain Side: Stay vs. Leave IHS Calculation

Should you transfer your domain to another registrar? The answer doesn't depend on what's happening at IHS specifically; it depends on the registrar pricing/services matrix. Run the numbers:

  • IHS renewal price: ~$8-15 USD for.com (varies with the campaign)
  • Cloudflare Registrar: wholesale price ($9.77 for.com) — no markup, but they don't sell hosting
  • Porkbun: ~$10.50 for.com, free WHOIS privacy
  • Namecheap: ~$13 for.com, cheap first year
  • Gandi: ~$18 for.com, premium support
  • Local requirement for.tr domains: managed by TRABIS, not ICANN — you cannot transfer.tr to a foreign registrar

If you have a gTLD domain like.com /.net and your hosting is at a different provider, moving the domain to Cloudflare Registrar (and keeping DNS on Cloudflare too) is usually the cheapest, best-performing combo.

Moving DNS to Cloudflare

# Export the existing zone file (from your panel or with dig)
dig @ns1.olddns.com yoursite.com ANY
dig @ns1.olddns.com yoursite.com AXFR # usually disabled

# Import via the Cloudflare CLI (cloudflared)
cloudflared tunnel login
cloudflared zone create yoursite.com
cloudflared zone import yoursite.com zone-export.txt

# Make the NS change in your registrar panel:
# Old: ns1.olddns.com, ns2.olddns.com
# New: ada.ns.cloudflare.com, bob.ns.cloudflare.com

# Propagation takes 5 min - 48 hours. Keep both NS sets during the window.
watch -n 30 'dig +short NS yoursite.com'

Keeping DNS on Cloudflare gets you a free CDN, DDoS protection, and TLS management independent of your hosting — a forward win regardless of which provider you settle on.

Email: IHS's Most Disputed Component

The single most-repeated theme on complaint platforms is “email access problems.” There's an architectural reason: on shared hosting, email goes out from a shared IP. When another customer on that IP starts sending spam and the IP lands on a blacklist, your delivery rate crashes too. That's why you should use a separate provider for business email:

  • Google Workspace: ~$6/user/month, the industry standard
  • Microsoft 365 Business: includes Office, ~$6-12/month
  • Zoho Mail: free tier available, attractive for small teams
  • Fastmail: $5/month, privacy-first, clean UI
  • Self-host: Mailcow / Mail-in-a-Box: for control, but be ready for the IP-reputation battle

Pointing the MX records on your hosting's DNS to a new email provider takes five minutes. The free email service bundled with a hosting package isn't enough for business-grade reliability.

Backup + Disaster Recovery: A 30-Minute Plan

You can resolve every concern about your hosting provider's reliability in a single step: back up off-site every night. Even if your provider goes bankrupt tomorrow, the data center burns down, or your IP lands on a blacklist, you'll be back online in two hours.

#!/usr/bin/env bash
# /etc/cron.daily/site-backup — simple, robust backup
set -euo pipefail

SITE="yoursite.com"
ROOT="/var/www/${SITE}"
DB_USER="wp_user"
DB_NAME="wp_db"
BACKUP_DIR="/var/backups/${SITE}"
DATE=$(date +%Y%m%d)
RETENTION_DAYS=30

mkdir -p "$BACKUP_DIR"

# 1) DB dump
mysqldump --single-transaction --quick --routines \
 -u"$DB_USER" -p"$MYSQL_PWD" "$DB_NAME" \
 | gzip > "${BACKUP_DIR}/db-${DATE}.sql.gz"

# 2) File tarball
tar -czf "${BACKUP_DIR}/files-${DATE}.tar.gz" \
 --exclude='*/cache/*' --exclude='*/wp-content/uploads/large/*' \
 -C "$ROOT".

# 3) Off-site upload (Hetzner Storage Box / Backblaze B2 / Cloudflare R2)
rclone copy "${BACKUP_DIR}/db-${DATE}.sql.gz" "remote:backups/${SITE}/db/"
rclone copy "${BACKUP_DIR}/files-${DATE}.tar.gz" "remote:backups/${SITE}/files/"

# 4) Clean up old local backups
find "$BACKUP_DIR" -name '*.gz' -mtime +${RETENTION_DAYS} -delete

# 5) Health check — alert if no backup ran today
LATEST=$(find "$BACKUP_DIR" -name 'db-*.sql.gz' -mtime -1 | wc -l)
if [ "$LATEST" -lt 1 ]; then
 curl -s -X POST "$WEBHOOK_URL" -d "text=ALERT: ${SITE} backup did not run today"
fi

Make this script executable with chmod +x and drop it into /etc/cron.daily/. A Hetzner Storage Box starts at 3.5 EUR/month; a 1 TB target costs 42 EUR/year — far cheaper insurance than any hosting plan.

Community Validation: Your Own Network

Listen to the actual user base, not the complaint sites. About 80% of hosting customers in Turkey are WordPress developers, agencies, SMB owners, or small e-commerce operators. Pulling references from this community is incredibly valuable:

  • WP Turkey Facebook group: 30K+ members, ongoing hosting discussion
  • r/Turkey (Reddit): honest takes on technical topics
  • Twitter (X) #hosting #wordpress: real-time problem reports
  • Discord — developer servers: including the KEYDAL Discord (discord.gg/KEYDAL), fast feedback
  • Old colleagues: one story from someone who's used the same provider for years is worth more than 100 reviews

Before signing off on a hosting decision, pull opinions from at least three different channels and three users with at least three years of experience each.

SLA Negotiation: When the Standard Contract Isn't Enough

If you're spending 5,000 TL+/year, the standard contract isn't enough. Ask for these as custom additions:

  • Guaranteed uptime of 99.95%+: pro-rata credit of 10% of the monthly fee per breach
  • Guaranteed first-response time: 30 minutes for P1 (critical), 4 hours for P2 (high)
  • Monthly reporting: uptime, ticket statistics, planned-maintenance calendar
  • RFO (Reason For Outage): written post-mortem within 24 hours for any outage longer than 30 minutes
  • Backup retention: 7 daily, 4 weekly, 12 monthly
  • Off-site backup access: right to auto-copy to your own S3 bucket
  • Termination clause: unilateral termination with 30 days' written notice and pro-rated refund of unused term
  • Data portability: 30 days of backup-download access after termination
  • Subprocessor list: explicit list of third parties used (CDN, email, logs)
  • Data-breach notification window: 24 hours (ahead of KVKK's 72-hour bar)

These clauses are routine in the enterprise customer segment of large providers; they'll agree if you ask. Nobody offers them on their own.

Migration Scenario: Moving Away from IHS

Suppose you've decided — you're leaving. How do you run the process with minimum downtime?

  • Week 1 — Prep: open an account at the new provider, learn the panel, verify your backups
  • Week 2 — Mirror setup: copy site files and DB to the new server, test via the hosts file
  • Week 3 — Lower DNS TTL: drop TTL from 86400 to 300 (wait 24 hours for propagation)
  • Week 4 — Cutover: point the DNS A record to the new IP, verify email MX
  • Week 5 — Wait + cleanup: keep the old hosting for 30 days (until DNS propagation is fully complete); then terminate
# Lower DNS TTL (24 hours before cutover)
# Before (apply this first, wait 24 hours):
yoursite.com. 86400 IN A 1.2.3.4

# Then (TTL = 300, propagation accelerates):
yoursite.com. 300 IN A 1.2.3.4

# At cutover, change the IP:
yoursite.com. 300 IN A 5.6.7.8

# 24 hours later, return to a normal TTL:
yoursite.com. 3600 IN A 5.6.7.8

# Post-cutover test
for ns in 1.1.1.1 8.8.8.8 9.9.9.9; do
 echo -n "$ns: "
 dig @$ns +short A yoursite.com
done

# Log traffic still going to the old IP — who's still on the stale cache?
tcpdump -i eth0 'host 1.2.3.4 and dst port 443'

A correctly executed cutover causes zero perceived downtime for users. Both the old and new servers serve the same content; once DNS propagation finishes, everyone is on the new server. Then you can close the old account.

Frequently Asked Questions

Is IHS mandatory for buying a.tr domain?

No..tr domains are now managed by TRABIS rather than ICANN, and there are dozens of accredited registrars in Turkey. IHS is high on that list, but it's not your only option. You can compare registrar prices via our WHOIS tool.

How much annual traffic can a shared hosting plan carry?

For a static site or a well-optimised WordPress install, 50,000-100,000 visitors/month is comfortable. For more, consider moving to VPS or managed WP hosting. Applying the principles in our optimisation guide can squeeze far more performance out of your shared package.

My email was lost on IHS — can I recover it?

If IMAP delete happened on the provider side, no. If your device still has an mbox/PST file, yes — it's recoverable. That's why we recommend always keeping business email at a separate provider plus IMAP mirroring.

With this many complaints, why do large customers still use them?

Because the absolute number of complaints is a small percentage of the customer count. Corporate customers also tend to operate under custom contracts — patterns on public complaint platforms may not reflect the experience of a premium enterprise customer. Even so, we recommend measuring your own experience against your own metrics.

Does multi-cloud make sense in Turkey instead of a single provider?

For mission-critical systems, yes. Keeping DNS on Cloudflare, primary hosting in Turkey, and backups on EU/US storage is a smart distribution. It prevents a single point of failure from taking the whole system down.

Conclusion: A Clear Answer to “Is IHS Reliable?”

The bottom line: IHS Telekom is a reasonable, acceptable provider for mid-sized SMB and corporate Turkey-focused projects — but for mission-critical, high-traffic, or 24/7-support workloads, it isn't enough on its own without additional layers (CDN, off-site backups, a separate email provider, a premium SLA contract). 25 years of industry experience,.tr accreditation, and the Istanbul location are real pluses; the weak weekend/night support and lack of self-service backups are real minuses.

As a decision matrix, two sentences are enough: “If a Turkey location is mandatory, KVKK compliance is critical, and you operate at SMB scale, IHS is a reasonable pick. If you operate a 24/7 mission-critical system, sign a managed enterprise contract or move to a tier-1 international provider.”

In any case, keep a provider-independent backup strategy, an independent DNS manager (like Cloudflare), and an independent email provider. Those three layers protect you from the bulk of operational risk regardless of which hosting company you choose.

Resources and Further Reading

Want a neutral expert opinion on your hosting decision?

For an independent audit of your current provider, a migration plan, a backup architecture, or a custom SLA negotiation, reach out to the to get in touch

WhatsApp