I’ve liked SiteGround for years. It was the first host I used when I built by first WordPress site over 14 years ago.
Their team has been good to us over the years too, with helpful support, solid infrastructure, and people who clearly cared about getting things right. When someone asked me for a simple hosting recommendation, they were often on my list.
That’s exactly why this is worth writing about.
Last week, the AI Agent by SiteGround plugin started appearing on people’s WordPress sites. Nobody searched for it and nobody installed it. Instead, it was auto-installed and auto-activated, on over a million sites.
The plugin now holds a 1.1 star rating on the WordPress plugin repository, with thirty-five one-star reviews to a single lonely five-star, and in just a few days. A million installs and one of the worst ratings on the entire plugin repo. Those numbers describe a trust problem that we need to talk about.
What Actually Happened
The plugin, listed as sg-ai-studio, is genuinely capable on paper. It manages WordPress and WooCommerce through a chat interface, handles content, and runs bulk updates across multiple sites. As a tool, there seems to be real value in it, but that’s not the issue.
The problem is that SiteGround pushed it onto hosting customers’ sites without meaningful consent. People logged in to find software they never requested, installed and activated on sites they’re responsible for, ready to talk to SiteGround’s external AI service the moment anyone connected it.
The reaction was immediate and unanimous, and the reviews read like a single furious voice.
“Auto Install = HUGE Mistake !!”
“Why did you install without consent?”
“terrible and deceptive”
“No Longer a SG Fan”
It spilled onto Reddit too. A thread on r/SiteGroundOfficial titled “WARNING – SiteGround just put some AI plugin into every single site” captured the mood exactly. The author asked, with some colour, who internally greenlit a project like this, and that’s the question everyone’s asking.
The Defense, and Why It Didn’t Land
To their credit, SiteGround showed up. Their team replied directly in the Reddit thread and across the support forums, which is more than many companies do when the heat is on.
Their explanation was reasonable at face value. The plugin was added to prepare for the WordPress 7.0 rollout and its new AI framework, and the goal was to spare customers from manually configuring connectors and API keys. They stressed that the plugin does nothing on its own. It doesn’t act in the background, it doesn’t touch your site unless you actively use it, it can be disabled or removed at any time, and they say they emailed affected customers in advance.
All true, probably. And it still didn’t land. Here’s why.
The defense answers a technical question nobody was really asking. Customers weren’t mainly worried that the plugin would secretly wreck their sites overnight. They were angry about the principle, because something they didn’t choose was placed on infrastructure they’re responsible for.
The original poster on Reddit said it well. He didn’t recall any email that said an AI plugin will be auto-installed on their site, and the fact that it does nothing until connected misses the point entirely.
It still shows up where clients can see it, get curious, and start playing. That, he said, is the hazard. He knows he won’t connect anything, but his clients might, and it invites amateur modifications to sites he has to maintain.
You can’t answer a trust objection with a feature explanation. When someone says “you shouldn’t have done this without asking,” replying with “but it’s safe and optional” tells them you haven’t understood their concern at all.
The Real Lesson Is About Reputation
SiteGround didn’t become a respected host overnight. They built that reputation over many years, through thousands of small moments where they did right by customers. Good support tickets, reliable uptime, and fair dealing. Reputation is slow and quiet to build, with one decent interaction at a time, until it becomes the thing people repeat when your name comes up.
One decision can put a serious dent in all that work.
That’s the uncomfortable truth about reputation. It’s asymmetric. You earn it in years and you can damage it in a single action. A million sites is an enormous reach, which is precisely why using that reach carelessly does so much harm. The bigger your footprint, the more a single misjudged move echoes.
Notice what people are actually saying in the reviews. They’re not writing “this plugin has a bug.” They’re writing “No Longer a SG Fan”. This is a complaint about the relationship between the two parties. Once a customer starts questioning whether you respect their control over their own site, every future interaction gets filtered through that doubt.
And that doubt is the expensive part for SiteGround, far more than the plugin ever was.
It’s Also Quietly Unfair to Everyone Else
There’s a second problem here, and it bothers me as someone who builds plugins for a living.
Search “AI agent” in the WordPress plugin directory right now. The AI Agent by SiteGround plugin sits near the top, ranking third, above hundreds of plugins that people actually chose to install. A brand new plugin, with one of the worst ratings on the entire repository, outranking tools that took years to get there.
Sit with that for a second.
The directory leans heavily on active installs when it ranks search results. That makes sense when installs mean what they’re supposed to mean, that people found a plugin, liked the look of it, and chose to use it. It makes no sense at all when a host can manufacture a million installs overnight by pushing software onto sites that never asked for it.
I run WP RSS Aggregator and Spotlight Instagram Feeds. We built the two to 100,000 active installs over many years, one genuine user at a time. That’s how almost every independent developer in this space does it, even if there aren’t many of us left today. You earn visibility slowly on the strength of your work.
Then a host with hosting customers underneath it can leapfrog the whole directory in a few days, not by being better, but by having an audience it can deploy to. The plugin doing the leapfrogging has a 1.1 star rating, but the ranking is supposed to reflect what users chose, and here it reflects just what was done to them.
So every developer growing the honest way just watched the spotlight get taken by a plugin nobody wanted, and the system rewarded it for that. That’s not SiteGround’s problem to fix on their own. It points at something the WordPress.org directory needs to think hard about, because if forced installs can buy a top ranking, every host with a plugin and a customer base will make the same move, over and over, in any market they want.
What Not to Do
I run a plugin company and e make decisions that affect tens of thousands of sites, so the temptation this story illustrates is one I recognise. When you have a captive audience and a new feature you’re proud of, the fastest path is to flip a switch and deploy.
The reach is right there, so why not just use it?
The first rule is simple. Always default to opt-in for anything that touches a customer’s property. Opt-out assumes you already have their permission, while opt-in means you have to ask for it. That difference is everything, and customers feel it right away.
The second rule is that “we technically told you” isn’t consent. If your notification strategy depends on customers having read one particular email from a few days or weeks ago, you don’t have consent, you have a paper trail. Those aren’t the same thing, and your customers know the difference.
The third rule is that reach is a responsibility, not a convenience. The ability to deploy to a million sites is a position of trust. The moment you treat it as a distribution shortcut, you’ve started spending the very thing that gave you the reach in the first place.
This is the kind of thing that seems obvious in hindsight and somehow gets lost in a roadmap meeting where the framing is “how do we make adoption frictionless”. Frictionless adoption and respect for consent are sometimes in direct tension, and when they are, consent has to win, because consent is what your reputation is made of.
SiteGround Can Recover From This
I want to be fair here, because I still think well of SiteGround overall.
This moment is recoverable. If they pull the auto-installs, make it genuinely opt-in, and say plainly that the rollout was a mistake, they can recover. Saying that the feedback “has been forwarded to the product team”, which is the language of a corporation managing a problem instead of owning one, things will only get worse.
Customers forgive companies that admit they got it wrong far faster than companies that explain why they were actually right.
The good news, if there is any, is that the strong reputation SiteGround built is also what gives them room to recover. People are angry precisely because they expected better, and that expectation is an asset. It means the relationship is worth repairing on both sides.
A million installs is a remarkable number. It would mean something entirely different if even one of them had been a choice. The lesson for the rest of us is quieter and more useful:
Guard the trust you’ve built, because the speed at which you can spend it will always outrun the years it took to earn.
When was the last time a single decision changed how you felt about a company you used to trust?
