DreamPress Managed Service - Security


#1

Recently a non-profit I support was hacked. The hack caused the team to re-evaluate their hosting solution and look at alternatives.

Ultimately they decided on using Bluehosts Wordpress managed solution and one of the primary factors that drove that decision was the fact that Bluehosts solution has a security feature prominently displayed as part of the package (Sitelock).

As a customer of Dreamhosts for 15 years, I also did suggest the team look at Dreampress, but it was a much more difficult sell due to the lack of any mention of security as a feature of the platform (other then automatic upgrades of Wordpress).

So bottom line, SMB’s are increasingly looking for security solutions as part of their hosting investment and Dreamhost should do a better job highlighting that capability and perhaps even considering partnering with a company like Sitelock…

I think that would give many SMB’s piece of mind about security and help differentiate Dreamhost’s managed solution.


#2

It’s valuable feedback to keep in mind; A host should be concerned with how a customer feels about their hosting environment’s security.

However, it is often the site code’s vulnerabilities that are exploited and not the hosting infrastructure. I think this article hits the nail on the head in regards to this issue from a web host’s perspective without being condescending: http://perezbox.com/2014/11/how-hosts-manage-your-website-security/

(The article addresses how other third-party security add-ons like Sitelock works briefly and it’s not much different from the preventative blocks a typical host employs.)

That said, a host can definitely have vulnerabilities and they absolutely should address those quickly and swiftly. As for what you can do, keeping your WordPress, plugins, themes, and any other things you add to the site updated really is the best preventative measure when coupled with some of the other suggestions here: http://codex.wordpress.org/Hardening_WordPress

Regardless, peace-of-mind for customers is important, so I’m not trying to dismiss your point at all or anything. Maybe it would be beneficial for them to employ a third-party solution like you suggested to improve the customer’s perception.