Move from DreamPress to VPS for PCI Compliance?

wordpress

#1

I am working with a client who is a DreamPress customer. The PCI compliance on their site keeps failing because they want FTP totally disabled. Not disallowed, not FTPS, totally disabled. Is my only option moving them to a VPS plan?

We tried moving to VPS a couple of months ago but it was an absolute disaster. DH changed our plan from DreamPress to VPS and the site just did not work. Extremely slow loading, crashes, errors, etc… Luckily, they were able to revert it back. What could be the reasoning behind all of the issues?


#2

“FTPS?” You mean SFTP? You’d have to file a Support ticket. Shared, VPS, and DreamCompute all come with SSH access. I don’t see a way for DreamHost to block all of your server access. But maybe Support can think of a non-standard solution, as it’s not something you could do as a user…after all, if you can turn it off, then you can turn it back on.


#3

To put this into perspective…

Normally it’s someone on shared that posts about not being in PCI compliance because of FTP, and the advice we could provide is to move to VPS or dedicated, so it can be configured so that port 21 can be closed. Port 21 can’t be closed on shared, as it would affect all users of the shared server, not just the affected user.

Since in theory, DreamPress is just a VPS with specific settings, support ought to be able to disable it there as well. However it seems like they want to keep the DreamPress environment very static across all DreamPress VPSs.


#4

Sorry, yes, I meant SFTP, not FTPS.

I have a support ticket opened. We’ll see what happens. This PCI compliance is really annoying. A lot of pointing fingers back and forth between the host and the PCI compliance scanner.


#5

We tend to keep all the DreamPress images the same to lower the support burden. If every server is the same, when we have to move you to a new one because something’s on fire, we know it won’t hurt anything. Same code. Also it means less to troubleshoot. So the idea is that all the DP servers are the same. At this point, your client is asking us to make a totally custom DreamPress server image for them.

And they want SFTP disabled too? That’s new to me (I thought it was just you had to kill FTP only).

You may have to look at DreamCompute if you’re going to be needing that level of control, since there will be other (small) things that in the interest of keeping things the same, we don’t offer on managed WP hosting.