Is DreamHost Secure? We Take A Look
Security is one of the most crucial features a web hosting provider can offer. After all, your website is only as secure as the platform it’s built on. When it comes to this aspect, DreamHost truly shines. Our detailed DreamHost review pointed out how they go the extra mile to ensure each website is secure.
What measures does DreamHost take to keep your website safe? This article will take a comprehensive look at its various security features.
DreamHost’s Basic Security Features
DreamHost offers a wide range of security features to keep your website safe. Here are some of the most important ones:
1. Let’s Encrypt SSL
A standard feature for hosting providers, Let’s Encrypt SSL ensures that all data transmitted to and from your website is encrypted. This is essential for protecting your site from hackers and boosting your search engine ranking (Google gives preference to sites with SSL).
Every DreamHost plan comes with a free Let’s Encrypt SSL/TLS certificate which can be easily installed via the DreamHost panel. Whilst this should be enough for simple websites like WordPress blogs, business websites may want to upgrade to a Sectigo verified SSL for $15 a year, or install their own SSL from a third-party. Learn more about SSL certificates here.
2. Free Domain Privacy
Domain Privacy is a default free security service offered by DreamHost that hides your personal information from the public WHOIS database. This is important because, without it, anyone can find your personal information (such as your home address and phone number) by doing a simple WHOIS search.
3. Multi-Factor Authentication
DreamHost now offers multi-factor authentication with either the Google Authenticator app or Yubikey. This is an extra layer of security that requires you to confirm your identity with at least a second factor, such as a code sent to your phone. It’s an upgrade from the two-factor authentication they used to offer to stop any unwanteds getting into your account.
4. Anti-Spam Filters
Spam is not only annoying, but it can also be dangerous. DreamHost’s spam filters protect your site from unwanted and potentially harmful email messages. Additional spam settings give you options to allow and block email addresses, as well as create block lists.
5. Daily Backups
DreamHost backs up your website every night. In case something happens to your site, you can rest assured that you have a recent backup to fall back on. You can also restore individual files from your control panel.
You should note that daily automatic backups are only available in the more expensive pricing plans. However, users subscribing to lower tiers can still perform manual backups with DreamHost’s one-click backup option.
6. DDoS Protection
DDoS attacks are becoming increasingly common and can be devastating for a website. DreamHost offers integrated DDoS detection and mitigation powered by Arbor’s Peakflow SP. The service can actively mitigate attacks without disrupting website traffic.
DreamHost’s Advanced Security Features
Now that we’ve covered DreamHost’s standard security offerings, it’s time to examine its more advanced features. These are what give DreamHost a competitive edge.
1. DreamShield (Malware Remover)
DreamShield is DreamHost’s own malware remover, made by the company’s in-house security engineers. It is an add-on service that costs an extra $3 a month on top of your hosting plan, and works to remove malware from your website and restore it to its original state.
DreamHost will perform weekly scans and reports that reflect whether or not malicious files have wormed their way past standard security measures.
2. mod_security
Mod_security is part of DreamHost’s “Extra Web Security” option. It’s a Web Application Firewall (WAF) that protects your website from common attacks, such as SQL injection and cross-site scripting (XSS). This is enabled by default, but you have the option to disable it by unticking the “Extra Web Security” box in the control panel.
3. lua-resty-waf
Lua-resty-waf is an open-source project that combines Nginx services, Lua interpreter, and JIT compiler. It is essentially a more comprehensive WAF that protects websites against advanced malicious HTTP requests. This is the other half of DreamHost’s “Extra Web Security” option.
Has DreamHost Suffered Any Security Breaches?
Despite the strong security measures, DreamHost has unfortunately been susceptible to data breaches in the past. In 2021, security researcher Jeremiah Fowler and the Website Planet research team found that a human error exposed one of DreamHost’s databases online, resulting in a leak of 815 million records. Valuable data include names, usernames, and email addresses.
The breach was made known in May, by which DreamHost immediately took action and removed the database from public view. Representatives from the team explained that only a few websites might have been compromised, as the database was exposed for 12 hours before DreamHost removed it.
This is currently the only known data breach the company experienced. However, it reminds us that even the most well-protected systems can fall victim to human mistakes.
DreamHost Offers A Secure Host Solution
Considering the data breach, DreamHost still receives top points from us for its excellent security features. There is a reason why WordPressofficially recommended it and why we dubbed it as one of the best WordPress hosting for beginners.
Nevertheless, always remember to practice good security habits on your end, such as using a strong password and multi-factor authentication. These will help keep your account and data safe, regardless of your platform.
Learn About DreamHost’s Other Features:
- A comparison of DreamHost’s plans and pricing
- We examine DreamHost’s customer service
- How to set up domain and WordPress on DreamHost
- A look at DreamHost’s cloud storage
