Self-Hosted FTP vs Managed Cloud:
Which One Survives a Traffic Spike?
Traffic spikes are the moment when your media infrastructure either justifies itself or reveals its weaknesses. The question of whether self-hosted FTP or managed cloud storage handles a sudden 10x traffic surge better is not theoretical. It has a specific, technical answer that depends on how each option is architected with CDN.
Updated 2026
Infrastructure Resilience Guide

Your product gets featured in a major publication. A social media post goes viral. A podcast mentions your WooCommerce store and 50,000 people visit in the next four hours. A Black Friday campaign performs better than expected and drives eight times your usual daily traffic in a single morning. Traffic spikes are the test that infrastructure either passes or fails in real time, with real consequences.
When the question of how self-hosted FTP storage compares to managed cloud storage during a traffic spike comes up in WordPress communities, the common assumption is that managed cloud wins because it is backed by Amazon or Google and therefore more scalable. This assumption misunderstands where the bottleneck actually is during a traffic spike on a WordPress site. The bottleneck is almost never the storage provider. It is the origin server response time and whether a CDN is absorbing the request load.
This guide explains exactly what happens at each layer of a WordPress media infrastructure during a traffic spike, why the storage provider is largely irrelevant to the outcome, and what the actual differentiating factors are between self-hosted FTP and managed cloud in a high-traffic scenario.
What actually breaks during a WordPress traffic spike
A traffic spike on a WordPress site creates load at multiple layers simultaneously. Understanding which layer breaks first, and why, is essential for understanding what the media storage decision actually affects.
When 500 simultaneous visitors hit a WordPress page, each one requires a PHP process to generate the HTML. If the hosting plan provides 4 PHP workers, the first 4 requests are served immediately. The remaining 496 queue. Queue depth grows faster than PHP processes can clear it. Response times climb from 200ms to 2 seconds to 10 seconds. Eventually, requests time out. This is the primary failure mode of WordPress under traffic spikes and it has nothing to do with where images are stored.
Each PHP process executing a WordPress page load runs dozens to hundreds of database queries. Under traffic spike conditions, the database server handles hundreds of simultaneous query loads. Without object caching (Redis/Memcached), the database becomes the second bottleneck, adding latency to every PHP process waiting for query results and further degrading TTFB. Again, no relationship to image storage location.
If images are served from the hosting server without a CDN, the 30 to 40 image requests per page visit add to the hosting server’s I/O and network burden simultaneously with PHP execution. This is where media storage location becomes relevant: images served from a properly cached CDN create zero additional load on the origin server during a traffic spike. Images served from the hosting server or from uncached object storage create direct resource competition with PHP processing.
The storage provider (FTP server or S3 bucket) is accessed by the CDN, not directly by visitors. During a traffic spike, a visitor’s browser requests an image from the CDN. If the CDN has it cached, the CDN serves it from edge — zero requests reach the FTP server or S3 bucket. The storage provider’s capacity only matters during CDN cache misses, which on a stable WordPress media library with a 30-day cache TTL represent under 2% of total image requests. Both FTP and S3 handle 2% of traffic easily. The CDN is what handles 98% of traffic, and CDN quality is independent of which storage provider is behind it.
What happens at each layer during a 10x traffic spike: the comparison
To compare FTP and managed cloud concretely, we trace what happens during a 10x traffic spike for a WooCommerce store with 5,000 products and a CDN with a warm cache, then without a CDN.
CDN cache hits: 98% (34,300 from CDN)
FTP origin requests: 700/hour
FTP server load: minimal
Image TTFB: 12ms avg
CDN cache hits: 98% (343,000 from CDN)
FTP origin requests: 7,000/hour
FTP server load: still minimal
Image TTFB: 12ms avg (unchanged)
CDN cache hits: 98%
S3 origin requests: 700/hour
S3 egress: minimal
Image TTFB: 15ms avg
CDN cache hits: 98%
S3 origin requests: 7,000/hour
S3 egress: minimal
Image TTFB: 15ms avg (unchanged)
All requests hit S3 directly
S3 egress: 35,000 requests × avg 200KB = 7GB/hour
S3 egress cost: $0.63/hour
Image TTFB: 200 to 400ms
All requests hit S3 directly
S3 egress: 70GB/hour
S3 egress cost: $6.30/hour = $151/day
S3 throttling possible at extreme scale
Hosting handles PHP + images together
Performance: adequate but suboptimal
Image TTFB: 300 to 600ms
PHP processes queue behind image serving
Cart and checkout slow dramatically
Server may throttle or go offline
Image TTFB: 2 to 10+ seconds
The actual differentiating factors between FTP and cloud during spikes
Since both FTP and S3 with a CDN perform equivalently during a traffic spike in terms of image delivery, the differentiating factors are in other dimensions: cost behavior, origin bandwidth limits, and what happens if the CDN cache is not warm.
With a properly warmed CDN, S3 egress during a spike is minimal (only cache misses hit S3 origin). The S3 bill for a 4-hour traffic spike with 98% cache hit rate is negligible. However, if the spike happens before the CDN cache is warm, such as on a site launch day or after a CDN cache purge, all image requests miss the cache and hit S3 origin directly, generating the catastrophic egress costs shown in Scenario 3.
S3 cold cache spike: Potentially $100s/hour
FTP cold cache spike: Minor — only CDN delivery charges, no origin egress fees
S3 is backed by AWS’s globally distributed infrastructure with effectively unlimited bandwidth at the origin. A Hetzner Storage Box has a network connection of 1Gbps included with the subscription. At 1Gbps, the storage box can transfer approximately 450GB per hour at full bandwidth. For a site where 2% of 350,000 image requests per hour (7,000 cache misses) each require an average 200KB image, the total origin bandwidth requirement is approximately 1.4GB per hour of cache miss traffic. Well within the FTP server’s 450GB/hour capacity. S3’s unlimited origin bandwidth is irrelevant at this scale.
AWS S3 offers a 99.99% uptime SLA with formal compensation terms for downtime. Hetzner Storage Box does not offer a formal SLA document with compensation terms, though Hetzner’s track record of uptime is strong. For operators who require a formal SLA for compliance or contractual purposes, S3 is the appropriate choice. For the vast majority of WordPress sites where a formal SLA is not a contractual requirement, the practical uptime difference between the two options is immaterial.
Both options face the cold cache problem when the CDN cache is not yet populated. The difference is financial: a cold cache S3 direct-serve spike costs the S3 egress rate ($0.09/GB) for every image request that misses the cache. A cold cache FTP + BunnyCDN spike costs the CDN delivery rate ($0.01/GB). If your store launch day happens to be the same day you go viral, the financial exposure under a cold cache S3 setup is nine times higher than under FTP + BunnyCDN for the same traffic volume.

Preparing for a traffic spike: the pre-event checklist
Whether you use FTP or cloud storage, there are specific preparation steps that determine whether a planned traffic event (product launch, sale, PR push) succeeds or creates infrastructure problems. Many of these apply regardless of storage provider.
Before a planned product launch or sale, use a crawling tool (wget with recursive flag, or a dedicated cache warmer) to pre-fetch the CDN URLs for your key product pages. This populates the CDN cache before visitors arrive, ensuring that your spike traffic is served entirely from edge nodes from the first request rather than generating cache misses under load.
Full-page caching eliminates PHP execution for repeat page visits. During a spike where the same product pages are visited thousands of times, page caching means those pages are served as static HTML from cache rather than requiring PHP processing for each visitor. This directly addresses the primary spike failure mode: PHP worker exhaustion.
If you are using S3 as your origin, set an AWS billing alert at a threshold that would indicate unexpected direct-serve traffic. An alert at $20/day in S3 egress would fire within the first hour of a cold-cache traffic spike, giving you time to respond. FTP users do not need this step — there are no egress surprise bills regardless of traffic volume.
Object caching (Redis or Memcached) reduces the database query load per PHP process during a spike by serving repeated queries from memory. For WooCommerce stores, enabling object caching before a promotional event can double or triple the effective throughput of the hosting plan’s PHP worker count.
The verdict on FTP versus managed cloud for traffic spike survival is clear once the architecture is correctly understood: both perform identically under a traffic spike when a properly configured CDN is in place. The differentiating factors favor FTP on cost resilience (no egress surprise) and simplicity, while S3 has an advantage only in formal SLA documentation and ecosystem integration for operators who specifically need those features.
According to BunnyCDN’s published analysis of traffic spike events, the vast majority of origin-reaching requests during a traffic spike are cache misses on new content that has not yet been cached, not failures of origin infrastructure capacity. This confirms the analysis in this guide: both FTP and S3 origins are more than capable of handling the actual origin request volume during a spike. The CDN layer is what determines spike survivability, and CDN quality is a choice independent of which storage provider you use behind it.
WP FTP Media’s CDN-ready WordPress media infrastructure plugin provides the FTP storage plus output-based URL rewriting that makes the CDN-first architecture available to any WordPress site, so that the next traffic spike arrives to a site where image delivery is handled entirely by CDN edge nodes regardless of what the hosting server is doing with PHP and database load.

Traffic spikes are won or lost at the CDN. Your storage provider just needs to be behind a good one.
WP FTP Media puts your WordPress media on FTP storage and routes all delivery through your CDN, so that your next traffic spike finds images at CDN edge nodes — not on a hosting server competing with PHP, not generating S3 egress bills, and not degrading under load.

Hey everyone, just wanted to share my experience with this deep dive on traffic spikes and WordPress media storage. As a family doctor who runs a health blog in my spare time, I've had my share of unexpected traffic surges (shoutout to Reddit for that chaos). The part that really hit home was the explanation of where things actually break during a spike.
This guide actually explained why my site kept crashing during big sales even though I was paying for "premium" cloud storage. the whole time it wasn't even the storage my origin server was getting overwhelmed because the CDN wasn't set up right for dynamic requests.
Hey everyone, just wanted to share my experience with this setup after our firm got featured in a design magazine last month. We saw a massive traffic spike overnight, and I was bracing for the worst. but the CDN integration handled almost all the extra load our server response times stayed quick even with thousands of users hitting product pages at once. The best part? We're on self hosted storage, not some expensive cloud setup. Turns out the real issue isn't the storage itself but how well your CDN and backend are configured
Really appreciate the detailed take on handling traffic spikes this is gold. i've been running a WooCommerce store for three years now, and like a lot of folks, I just assumed cloud storage was the magic fix for everything. Your note about origin server response time really resonated with me last Black Friday, we got slammed even with S3 in place because our host's PHP workers were maxed out. The CDN helped, sure, but it wasn't enough to save us