More Resources

Comparing Dreamhost
Uptime Guarantee
10 Security Tips

10 Security Tips For Your Dreamhost Server

Ensuring the utmost security for your web server is one of the most important aspects of web hosting. Dreamhost does a very good job through it's experienced IT staff of keeping your web server secure at all times. There are a few extra steps you can take on your end to make sure your websites don't get hacked. Combine this with what the IT team at Dreamhost does and you have yourself a very safe and secure web hosting account.

1. Change Your Account Password Every Couple Months

Many webmasters don't like having to change their passwords very often. But it's a security tactic worth doing and it's worth doing often. Every 2-3 months change your main Dreamhost account password to something complicated and something only you will remember. This main password to your account holds the keys to the fortress you absolutely cannot afford to have hacked. Take this step seriously.

2. Keep Applications Like Wordpress, Drupal, Joomla etc. Up-To-Date

These open source web applications are powerful, and can give you an edge over your competition. But just like anything on the web, they can be hacked if they are not updated to their most recent versions. Be sure to keep all of your open source scripts updated to their newest versions to prevent any type of hacking or malicious activity on your server. Most tools like Wordpress and Drupal notify you when your version is no longer up-to-date and provide simple instructions for upgrading.

3. Unique MySQL Usernames and Passwords for Each Database

When setting up new MySQL databases, you typically have the option of using the 1 Database user for all new databases you create. Although this takes a 1 or 2 extra minutes, take the time to create a new unique Database username for each and ever MySQL database you create. This way in case one of your databases get's hacked, the others are not automatically vulnerable because they share the same database connection information.

4. Be Careful What You Put On Your Server

This tip is more common sense than anything. Be careful what type of scripts and/or files you place on your Dreamhost server. Do some Google searching, read some comments and reviews, whatever it takes to ensure that what you are actually putting on your server is legitimate and reliable.

5. Be Moderate When Creating New Users

Your Dreamhost control panel gives you the option of creating new users for your account. Be extremely moderate and conservative in doing so. Remember that if you are wanting to create a new user account that can access your website via FTP, do not give that user full access to your Dreamhost account. Using the Dreamhost user manager all you have to do is create a new user with FTP access only.

6. Change Passwords To Applications Frequently

Just like you need to change your password to your Dreamhost account frequently, you should also change passwords to your web applications often. Let's say you have a couple Wordpress self-hosted blogs running on your Dreamhost server. Change the password on those blogs every couple of months. There are malicious hackers out there who will constantly try and gain access to your server by trying many thousands of different combination's of passwords.

7. Extra Security Measures for your Wordpress Blogs

Wordpress may be the most reliable and safe web application out there that you can host on your server. But that doesn't mean it's completely safe from hacking. This guide from Noupe.com will guide you through step by step some detailed instructions for taking your Wordpress security to the next level. If any of these steps seem too technical, you can get Dreamhost IT staff to accomplish these tasks for you.

8. Extra Security Measures for your Drupal Sites

As mentioned in the previous tip about Wordpress, the same applies for Drupal. Volacci.com has a very in-depth step by step tutorial on specific tasks you can do to improve your Drupal security. You won't regret following these steps.

9. Extra Security Measures for your Joomla Sites

Just like with Drupal and Wordpress, you need to preform a few extra checkups and tasks in order to fully secure your Joomla powered website(s). This checklist from Joomla.org will tell you what you need to do. Remember to contact the Dreamhost IT staff if any of these tasks seem to difficult or technical.

10. Communicate with Dreamhost Support Often

Last but not least, stay in contact with the Dreamhost Support team. If you see anything suspicious at all, contact Dreamhost Support and have them take a look at it. Remember it's just as important to them as it is to you that your server with them does not get hacked. And whatever intelligence they can gain from you in regards to suspicious or malicious hacking activity, they can use elsewhere on the other 1,500 web servers they manage for their customers.

I hope that helped! Other than taking these 10 extra precautions, know that Dreamhost really does do the rest. Dreamhost IT staff has done a fantastic job at providing the highest level of security and flexibility at the same time. If you have not yet setup your Dreamhost account remember it will cost you only $8.95/month with 1 free domain included and your setup fee waived.