One of the things we admire most about #WPLDN is their commitment to diversity in the range of topics, formats, and perspectives represented throughout the year. They host an event every month, giving attendees the freedom to explore a wide range of topics while maintaining momentum and connections thoughout the year.

#WPLDN Ticks All The Boxes!

As someone who’s been part of the DreamHost story for years, I can say without hesitation that #WPLDN is a natural extension of everything we believe in: the open web, the power of WordPress and its creators, and the connections that bring us all together.

Their team has built a successful and trusted event format that brings WordPress enthusiasts together in the real world. Their thoughtful approach to programming and community engagement has made each event an essential local resource and a valuable touchpoint for Londoners looking to grow within the WordPress ecosystem.

Supporting WordPress Globally

While DreamHost may be based in the US, we have customers and team members around the globe. What drew us to WPLDN wasn’t just their commitment to WordPress as a driver of professional growth, although that certainly helped! It was their dedication to building a welcoming, inclusive space where anyone, from first-time bloggers to seasoned agency owners, can show up, learn something new, and feel like they belong. These events have a unique energy that’s hard to describe until you’ve experienced it: casual, insightful, and genuinely community-driven.

At DreamHost, we’ve been champions of WordPress and the open web from the very beginning. We believe the internet should be a place where ideas flow freely and creators have the tools they need to build, share, and grow. That belief is deeply rooted in the products we build, the people we hire, and the communities we support. #WPLDN aligns perfectly with that mission.

#WPLDN events are incredibly valuable for anyone working in WordPress because they offer a rare chance to connect face to face with peers in a relaxed, supportive environment, often over drinks and appetizers. While WordPress’ online community is vibrant and wide-reaching, some moments just can’t be recreated in virtual environments.

See You In London!

We’re proud to support #WPLDN, and we can’t wait to see you at an upcoming event. If you’re in the WordPress space and find yourself in London on the last Thursday of any given month, come check it out! You’ll find a vibrant, welcoming community and may even spot a few folks from DreamHost in the crowd. We hope to see you there!

The post Why We’re Sponsoring #WPLDN appeared first on DreamHost.

The 2025 “Sales & Customer Service” Stevie Award winners have just been announced, and we’re proud to report that DreamHost was the only tech company to take home the prestigious Gold award for Front Line-Customer Service Team of the Year!

Our Customer Support team was recognized for a number of improvements to its workflow and operations, including – among many other things – an overhaul of our knowledge base, the launch of several internal training programs, significant growth in self-resolution rates, and our adoption of AI tools to improve the overall customer experience.

That’s great! Why do I care?

All of these efforts have resulted in dramatic reductions in wait times for both support tickets and live chats, and we hope you’ve seen that reflected in all your interactions with DreamHost’s support team and associated resources. In fact, we know you’ve seen it, because we have the data to prove it! 😀

What are the Stevie Awards?

The Stevie Awards for Sales & Customer Service are the world’s top honors for customer service, contact center, business development and sales professionals. The Stevie Awards organizes nine of the world’s leading business awards programs, also including the prestigious American Business Awards^® and International Business Awards®.

Unlike many other “business awards,” the Stevies are truly merit-based, involving an extensive application process in which all applicants make evidence-backed claims to a panel of judges who weigh their impact across a number of categories. Based on our application, the judges agreed that DreamHost’s Customer Support team has been truly stellar in its impact on not only the business of DreamHost, but on the overall customer experience.

Not our first rodeo!

This win represents DreamHost’s sixth Stevie award win and is our second time winning Gold, joining our “Employee of the Year” designation in 2019. And we’re not stopping there – expect to see much more from us throughout the year!

Join the team

Did I mention we’re hiring? Consider joining our team!

From Customer Support to Software Development and everything in between, we’d love to have you join our award-winning team.

The post DreamHost Wins Gold Stevie® Award in 2025 Stevie Awards for Sales & Customer Service appeared first on DreamHost.

From free WordPress themes to optimization plugins to…hosting providers, The Monster’s Award is an annual collection of the best of the best in the world of WordPress.

DreamHost was nominated for Best WordPress Hosting Provider this year and – after three months of public voting – the results are in.

With 27% of the vote, DreamHost beat out 39 other nominees in this category to take home the 1st place prize!

We’d like to thank all of our customers and other “DreamHost appreciateurs” for taking the time to cast their votes for us. We’re touched that so many of you felt strongly enough to surrender your email addresses to a third party in pursuit of this prestigious honor.

We’ll continue work throughout 2024 to maintain the trust that you’ve shown in us as we help small businesses and other content creators own their digital presence with the power of WordPress.

The post DreamHost Named Best Hosting Provider in 2023 Monster’s Awards appeared first on DreamHost.

Service was largely restored within 12 hours, and now that the dust has settled we wanted to provide you with an update as to what happened, why it happened, and what our plans are to prevent it from happening again.

What Happened?

In short: On the morning of Thursday, November 2nd, one of the data centers that houses a large number of our servers lost power and its redundant power systems failed.

This should not have happened.  Our data center in Hillsboro, Oregon (“PDX1”) is run by Flexential, a proven leader in data center construction, management, and operations.  Flexential is responsible for providing power to our servers in this facility.

To their credit, their operational plan for dealing with power issues follows industry best practices and their redundant power systems are a key component to what is, by all accounts, a state-of-the-art facility.  However, as the events of last week have shown, the reality of an unexpected power event can have unforeseen implications and a ripple effect that can reverberate across the Internet.

Redundant Systems

A standard and common configuration for power redundancy within most data centers is to build in two fully redundant power systems.  Each system obtains its power from a utility via a unique, redundant path.  Each system also contains its own bank of UPSs (uninterruptible power supplies – aka “emergency batteries”) and a fleet of diesel generators sits onsite to power the entire facility if need be. 

While a full report from Flexential is forthcoming, what we saw from our end was a partial loss of power followed by a complete loss of power to our fleet of servers.  We want to be clear – this should have been an “impossible” condition and we had all assurances that it was, including a 100% power availability service level agreement (SLA).  These power systems are tested regularly and undergo regular, scheduled maintenance to ensure they will perform as intended.

During a typical data center power outage (planned or unplanned), UPS batteries kick into action automatically just long enough for the facility to activate its diesel-powered generators.

It is unclear why or how the UPS system failed, the generators failed, or how both of these automated, redundant, independent power systems managed to fail so spectacularly at the same time.  We believe this to have been a combination of a utility failure as well as a generator and  UPS failure. A full investigation is ongoing and we expect to receive results shortly.

Regardless of the cause, our focus and our priority during this event was to bring our machines back online and to restore service to our customers.

Our Response

We were first alerted to an outage at 4:41am local time on Thursday, November 2nd, via our own offsite monitoring tools.  We immediately dispatched members of our Data Center Operations team to the facility to begin the process of bringing services back online.  We published a status post shortly thereafter to help customers follow along with service restoration efforts.

Once we realized the full scope of this outage, our entire executive team was paged and placed on alert, while every specialist on our Infrastructure team (both local to the data center and those working remotely) was brought in to bring systems back online.

At some point during this response, the building’s access control system also lost power, making it a bit of a challenge for our team to gain entry.  When full power was finally restored to our portion of the datacenter at 6:08am, the redundancy that we’d built into our own internal power infrastructure worked as designed and as expected.

The Cleanup

Unexpected hard reboots and loss of power – at any scale – can cause both hardware failures and unexpected behavior in software.  As expected, we saw plenty of both.

While a single desktop PC or laptop may be able to gracefully recover from an unexpected loss of power, that is unfortunately not the reality within the context of a large data center installation.  With thousands of servers and dozens of switches installed at this location, it was a careful process (well documented and executed) to bring systems back online, test each of them for anomalous behavior, and to ultimately take corrective action as needed.

While no customer data was ever at risk, we did have to replace more than a few hard drives and sticks of RAM throughout our fleet of servers.  The unexpected power cut also caused some network switches to revert to older versions of their firmware, requiring upgrades and restorations from previously saved configurations.

After a long day of cleanup and many long hours put in by our technical teams, we were able to finally mark all major systems as restored, and we continued working into the night to identify and repair any additional systems that needed attention.  We resolved this incident at 4:49pm on Thursday, just under 12 hours from the initial power disruption.

Many of our customers saw service fully restored in under an hour.  Others had to wait much longer.  It was truly an all-hands-on-deck day for us in the data center, and we appreciate the patience and grace that many of you have shown in your messages to our Support team.

Next Steps

We’re in conversation with Flexential this week to understand where the failure(s) happened and what their plans are to mitigate this exact scenario from occurring in the future.

If you ever experience issues with your DreamHost-hosted sites and suspect a wider system outage may be the cause, be sure to make https://www.dreamhoststatus.com/ your first stop for information.  Updates on our system status are also cross-posted to @dhstatus on X.

We’re Sorry

If you were impacted by the events of last Thursday, you have our sincere apologies.

We realize that you chose DreamHost, not a data center, to be your trusted online partner.  You shouldn’t have to worry about who provides services to your website “further upstream”.  While we wanted to provide clarity into this event, we understand that the buck stops with us.

We’re sorry for the absolute inconvenience that this has caused to your sites, your businesses, and your online reputation.  We will do everything in our power to ensure that an event like this does not reoccur.

The post About Last Thursday… appeared first on DreamHost.

MobileCoin is a cryptocurrency designed from the ground up with privacy, price stability, and usability in mind. MobileCoin’s low-cost global payment network is key to the continued success of our global customer base looking for an inexpensive, easy-to-use payment platform.

What are cryptocurrencies?

Put simply, cryptocurrencies are digital currencies. They’re encrypted and decentralized payment systems. And there’s a lot of them out there. You’ve probably heard of Bitcoin — the world’s first cryptocurrency. In all, there are over 6,000 digital currencies trading today with names like Etherium, Dogecoin, and Brettcoin, to name just a few!

MobileCoin is simple to use.

MobileCoin aims to be as easy and intuitive to use as some of the world’s most popular payment systems. It was created with ease-of-use and a focus on the end-user experience at the heart of every design decision.

It’s fast.

Traditionally, most cryptocurrencies have been very difficult to use. Technical hurdles — combined with tremendously long transaction times that take hours (or days!) to complete — have caused many cryptocurrency enthusiasts to treat it as a long-term investment and not a spendable currency. Due to some smart architecture decisions, most MobileCoin transactions complete in under 10 seconds.

It’s secure.

MobileCoin is focused on user privacy. As its name implies, MobileCoin is meant to be a mobile-first cryptocurrency that integrates into secure communication apps like Signal and WhatsApp.

Our Involvement

DreamHost is proud to be a MobileCoin launch partner.

We’ve always embraced open source projects that help people own their digital presence, and MobileCoin ticks all the boxes. It’s a low-cost global payment network that helps all our customers, particularly our international customers, transact business safely and securely.

DreamHost will be inaugural members of the MobileCoin Foundation, and we’ll be donating our time and resources to run several smartly-designed, highly encrypted MobileCoin processing nodes on our network.

These nodes are just a first step. We’ll continue to offer advice and guidance through our seat on MobileCoin’s Technical Advisory Committee and can’t wait to see how our many small business customers choose to take advantage of this new payment technology.

The post DreamHost Joins MobileCoin Foundation appeared first on DreamHost.

Another fun fact: Pablo Picasso’s “The Actor” painting wasn’t one of the artist’s more known pieces. But its worth skyrocketed — and so did visitors — after a museum guest tripped and accidentally put an elbow into it, triggering a very costly repair job.

At this point you’re probably wondering where all of these tidbits are coming from, so we’ll fill you in: Museum Hack.

The company, which uses DreamHost to power its websites, offers renegade tours of some of the best museums in the world, but this isn’t your typical tour. The guides are all about storytelling and interacting with the group, sharing context and quirky facts that you wouldn’t get on your grandma’s museum tour.

Shared Hosting

Shared Hosting That Powers Your Purpose

We make sure your website is fast, secure and always up so your visitors trust you. Plans start at $2.59/mo.

Choose Your Plan

A Tour is Born

It all started in 2013 when Nick Gray went on a date to the Met and fell in love — with the museum. He went back with his iPad to research pieces he was interested in, things he could imagine being in his apartment. Soon he started giving tours to his friends, and one of them happened to be a writer for a popular blog.

The next day after the tour was posted about, Gray had a waiting list of 1,000 people who wanted to take a tour with him. He hired a tour guide to help him lead the groups and started charging for tickets to pay for that.

Now Museum Hack offers public museum tours in five cities across the U.S., as well as private tours and team building events in additional cities (it brought in $2.8 million in revenue last year).

“When we first started, we branded ourselves as museum tours for people who don’t like museum tours; they were meant to have a renegade spirit,” says Michael Alexis, Museum Hack’s director of marketing. “It’s very different from conventional tours. We aim to entertain people first and educate them as part of that.”

If you imagine a typical museum tour, you probably envision someone lecturing as you walk from piece to piece. But Museum Hack is all about being interactive and getting to know the group. You can expect activities like taking a picture of a painting you’d either like to burn or buy, then having the group guess which fate you have in mind for your snapshot.

“One of our pillars is it’s a social experience,” Alexis says. “Part of what we are competing with is not just other museum tours in cities, it’s literally everything — we’re competing with Netflix and iPhone games and whatever else. We found that the social experience is really important for making people feel it’s a great use of their time and making it memorable. People become more comfortable with each other and become friends on tour. It’s closely related to the VIP experience.”

Related: 10 Easy Social Media Tips for Your Hard-Working Small Business

Site Check

During each two-hour tour, a guide will typically share the stories of 10 to 15 pieces, bringing the group through a range of galleries. “Everything is story-based,” Alexis says. “It’s also passion-based, so each guide is creating the material themselves after seeing what catches their eye and what resonates with them. It’s like going to a museum with a really good friend who also happens to know a lot about the collection.”

Museum Hack offers overview tours as well as more niche ones. For example, “Badass Bitches Tours” is one of their most popular offerings at the Met. The two-hour tour explores feminism in the galleries, highlighting female artists and subjects, many of whom don’t get as much time in the spotlight.

Each Museum Hack tour includes a mix of crowd-drawers and lesser-known works. “We try to get a mix of both,” Alexis says. “A lot of Met tours include ‘Washington Crossing the Delaware,’ but they don’t have to. It’s not definitive one way or the other. We often do include showstopper pieces, but we generally prefer to try to show a side of the museum that people might not otherwise see on their own. If you go to the Louvre, you’re going to see the ‘Mona Lisa,’ but there are 100,000 pieces that also deserve attention and have stories behind them, and we try to celebrate that.”

Fearless Leaders

Selecting and training their guides is not something Museum Hack takes lightly. “Choosing tour guides is an intense process,” Alexis says. “If you’ve ever seen ‘American Idol’ or ‘America’s Got Talent,’ it’s not so different from that. We put out a call for people. A lot of them tend to be actors or comedians of some sort. It works well for them because it’s a part-time position for the most part, so they can do other things as well. For us, it’s great because performers are very good in front of people and in small groups. They are very good at reading the audience and how it’s resonating. Things we might take for granted, like speaking clearly and projecting your voice, is second nature for them. And there are similarities between a script you would read in a play and creating a script.”

After auditions, the guides must train for three months before they can lead tours of their own. During that time, they learn Museum Hack’s framework, including their exclusive “five elements of a hack” approach. While Alexis won’t give away all the secrets, he explains it’s about teaching them what makes a story compelling and personal.

“It’s not just any story about any object,” he says. “There needs to be this criteria. Every story must have a mind-blowing element, one thing you take away from it, which is cool. There are other pillars or priorities outside that story framework, including a sense of VIP — we want guests to feel like we rolled out the red carpet for them and every story is meant just for them; every tour is customized just for them.”

As guides create their own tours, they can pull from stories that the founder has added to the “Hacktionary,” the secret book of all the stories Museum Hack tells at the museums. Alexis estimates that if you see 15 items on your tour, three of them might be from that core library and the remainder is from research the guide has done. “If you went with the same guide two weeks in a row you’d see different things because we’re constantly developing new ones,” he says. “One of the operational headaches is the collections change. Sometimes favorites have moved onto storage or another museum, but that’s also what makes it interesting.”

Guides pull information from a wide variety of sources. Many of them have expertise beyond the museum. For example, one guide has a Ph.D. in biology and will use material from that field in their tours.

“The guides are constantly picking up books,” Alexis says. “One of our guides put together a custom tour for Dannon, the yogurt company and carried around a book on the history of yogurt for a week, so he could figure out how to find pieces in the museum that correlated with what he was learning.”

And of course, the guides do plenty of research online, too. They’re encouraged to look anywhere and everywhere for inspiration.

Team Spirit

In addition to their museum tours in New York City, Chicago, Los Angeles, San Francisco, and Washington D.C., Museum Hack also offers team building and corporate events in additional places, including in Philadelphia, Atlanta, and Boston. It’s worked with major businesses like Google and Facebook and customizes each tour to the company’s needs. The company will even ask what movie rating they want for the tour — are they looking for something more adult or PG-13?

Either way, Museum Hack guides aim to include elements to boost the workplace. “We build in activities to improve collaboration, leadership, etc.,” Alexis says. “Is there a piece about Napoleon in the museum? Then let’s talk about leadership in a way that’s related to Napoleon. Or we’ll do an activity where one person has to rely on another, for collaboration, and tell people why we’re doing it. We include this team building core to it.”

(Dream) Host with the Most

To keep their business booming, Museum Hack relies on DreamHost. “Notably, I’ve personally been a DreamHost user since 2009, so I’m going on a decade,” Alexis says. “We have several platforms and active campaigns, which we use DreamHost for.” For example, the company uses the domains teambuildnyc.com and teambuildingboston.org to drive traffic to museumhack.com.

One reason Alexis is loyal to DreamHost is that it’s so simple to operate. “It has a very user-friendly dashboard,” he says. “I can point people around it, and it makes sense for them. Part of that is the one-click install, which I’ve used dozens of times to set up WordPress sites, versus a manual install or something else you’d do to get that. We have a number of email accounts within the DreamHost dashboard. And I love that everything is unlimited. DreamHost is the only host I’ve used where we are not thinking about resource allocation and not worrying about going over, thanks to unlimited domains and bandwidth. It gives us a lot of peace of mind.”

Related: Want to Build a Website This Year? Here’s Your Game Plan

Alexis is also grateful for the solid, reliable customer service. “The very few times whenever I’ve had something come up — not with performance, but if I’m setting up a site or doing security — contacting customer service is super easy and super quick. You know what you’re getting and how to fix it.”

Additionally, DreamHost offers tools that make running a business easier, such as managing email lists and self-post tools, which is more “It’s also helped us having that unlimited capacity to scale up and launch websites,” Alexis says. “We can do it more quickly because we are ready to go when we create new accounts.”

And less time spent on the nitty-gritty details means Museum Hack can spend more time researching fascinating stories about what you’ll find in some of the best museums in the world.

The post Meet Museum Hack: Tours for People Who Don’t Like Museums appeared first on DreamHost.

Shared hosting is still one of the most affordable ways to establish and maintain an online presence, with more than enough power to grow with the needs of your website or web app over time.

This year, we’ve been working to make DreamHost’s shared hosting even better and wanted to catch you up on all of the great enhancements.

We’re currently in the process of upgrading the operating systems that run our shared hosting services. Ubuntu LTS version 18.04.2, also known as “Bionic Beaver,” will soon power all of our shared hosting web servers and MySQL database servers. In the future, Bionic Beaver will be the default OS on all of our managed hosting services, including our Virtual Private Servers and Dedicated Servers.

We’re also in the process of rolling out the latest version of PHP: 7.3. You may recall that PHP 7.0 was approximately twice as fast as PHP 5.6 when it launched in 2016. PHP 7.3 has shown itself to be faster still — 22 percent faster than even 7.0! With PHP-based apps like WordPress becoming more and more popular across the web, that extra speed is crucial to keeping things running smoothly.

We’ve also doubled the amount of RAM that shared hosting users can access. RAM-hungry web apps (and their plugins) are more popular than ever, and the extra memory ensures they’ve got plenty of breathing room.

Combined with some new Linux kernels that we’ve custom-built to address the unique needs of a shared hosting environment, the entry-level hosting experience at DreamHost has never been faster, more powerful, or more secure for as long as we’ve been doing this hosting thing!

As powerful as shared hosting is today, you can always upgrade your DreamHost experience to a Virtual Private Server for access to even more computing resources, should you ever need them. Upgrading to a VPS takes just a few seconds, and the migration of your data is automatic and instant.

No matter what you host with us or how you host it, rest assured that we’re always looking for ways to add new features, power, and value to your DreamHost experience. Thanks for letting us!

The post Shared Hosting Enhancements for 2019 appeared first on DreamHost.

It was a quieter place, for sure. People were still trying to figure out what to do with tools like Gopher, Usenet, and, of course, the web. It was a time of experimentation and creativity. It was, for lack of a better term, open.

The Open Web

Back in the day, it was common for people to “view source” on any web page and, after doing it enough times, have a pretty good idea of how to build a website. That’s how a lot of us learned the forgotten art of HTML. Have you tried doing that lately? In a world of minification, deliberate obfuscation, DRM, and advertising trackers, that’s all but impossible on the web of 2018.

The early web was a very open place. Anyone could publish and access content using open web standards of the day. There were no advertising networks. There were no social media platforms looking to exploit the content of their users for financial gain at every opportunity.

There were fansites and web rings and proto-blogs galore! It was an exciting time full of limitless possibilities for content creators. You never knew what you’d find.

Today we’ve seen a lot of proprietary technologies and walled content gardens (like Facebook) usurp and displace platforms and networks that had enabled users to own their online content entirely. It’s much more likely that anyone sharing content online today has surrendered some control of that content to a third party.

That surrender often happens in the form of clicking of a single checkbox, signifying compliance with unread and unfairly restrictive terms of service.

Who Owns Content?

The Open Web isn’t just about technology or access; it includes the freedom to produce content itself.

DreamHost is — and always has been — a content-neutral service provider. We believe it isn’t the place of any web host or network provider to impose restrictions on what its customers can and cannot share online. True to that vision, we’ve never asserted any rights, control, or ownership of any customer data shared on our network.

Strictly speaking, we don’t publish or own our users’ content — they do.

Our customers trust us to respect their data and their rights to share it online as they choose. However, there are limits to the protections we offer.

Drawing the Line

As a service provider operating lawfully in the United States, we prohibit all illegal content on our network.

We have to. It’s the law. Laws are good. They protect people.

“Illegal content” in this context can include web content, files hidden from public view, and any activities that could have a detrimental effect on our network and our servers.

Both DreamHost and law enforcement regularly receive concerns about sites owned and published by our customers. We often work hand-in-hand to assess and act on sites that are clearly in violation of our Acceptable Use Policy, Terms of Service, or of any number of various legal statutes.

Illegal content has no place on our network, and we vigorously enforce our content policies.

Open Content

The internet has never held more opinions than it does today. People have never been more vocal about what’s important to them, and online discourse has, unfortunately, never been more divisive.

As you can imagine, the “Is it legal?” approach to customer content has often led us right back to the U.S. Constitution’s First Amendment. We see the First Amendment as being inextricably intertwined with a truly open web.

As the EFF has said, “Free speech [online] is only as strong as the weakest link.” DreamHost has made a conscious choice to not be a weak link in the chain between content creators and their audiences.

It’s important to note, however, that not all speech is protected speech, and rightly so. Examples of unprotected speech include incitements to violence, threats, solicitations to commit crimes, and more.

This type of speech, which can lead to direct physical or emotional harm, can be illegal, and as such, it falls outside the scope of our acceptable use policy.

The Downside

As an online service provider, the problem with standing up for free speech and an Open Web is that you end up inadvertently allowing some giant assholes on your network. When you give voices to everyone, that really means everyone.

Online or off, freedom of speech applies to all speech. As a human being with fully functioning feelings, it’s impossible to ever “be OK” with all of it. And we’re really not. But it’s not our place to be.

Anyone who works at DreamHost can relate tales of customer websites on our network that espouse viewpoints and beliefs that absolutely do not represent our view of the world as individuals. There are many sites on our network that many of us would, frankly, rather not host at all.

However, DreamHost remains committed to a free and open internet where messages of peace and acceptance have as much right to be shared online as content that is less-widely accepted.

The freedom to express oneself online, to share content and opinions, to give voices to the marginalized, is the purest expression of the web’s potential to foster understanding and collaboration.

Choosing to silence any voices we don’t agree with sets a dangerous precedent. As the EFF notes, “We would be making a mistake if we assumed that these sorts of censorship decisions would never turn against causes we love.”

Staying True to Ourselves

Our obligation to the web as a service provider is to give our users an open platform to share their content in whatever manner they choose. In fact, that’s basically our vision and mission statement.

One of our eight core values even speaks to this.

Taking Action

If you ever run across a DreamHost-hosted site that you believe may be violating either our Terms of Service or our Acceptable Use policy, please do not hesitate to contact our Abuse team. We investigate all reports thoroughly and take action as appropriate.

If you believe a customer of ours is hosting illegal content, it’s often a good idea to go directly to law enforcement who will then contact us as needed. Law enforcement has access to crime-fighting tools, data, and procedures that simply are not available to businesses. They work tirelessly behind the scenes to gather information, build cases, and prosecute people.

The Changing Web

Our content policy has been the subject of much internal debate and discussion over the past few years. We continue to have regular conversations about our commitment to an open web and our place in it. We still believe in the promise of an internet that gives everyone a voice and will do whatever we can to protect it.

The post Keeping the Web Open appeared first on DreamHost.

Online businesses and website owners often act as stewards of sensitive personal data they’ve collected. With the recent implementation of the GDPR — sweeping regulations governing data security and privacy in the EU — you might be worried about how you’re storing and protecting other people’s information, and whether that data is safe and secure.

Aren’t you?

via GIPHY

The new personal data laws from the EU are putting the onus on you to ensure you’re being compliant, but we’re here to give you a few pointers. The General Data Protection Regulation focuses on giving citizens more control over their data on the web.

In addition to empowering users to decide what happens with their information, the GDPR also includes new rules on how organizations should handle that data. All of this may require some action on your part — even if you’re not based in the EU. Here’s what you need to know, and what you can do to stay on top of it.

Related: DreamHost is GDPR Compliant

What You Need to Know about the GDPR

1. The GDPR is here.

That’s right: The GDPR went into effect on May 25, 2018. That means that if you haven’t already updated your website to comply, you need to start doing some catch-up. The rest of this article will give you some tips and resources about what that entails. Don’t panic! After reading this article, we recommend heading over to the official GDPR website to get up to speed.

2. The GDPR applies to the “personal data” of people in the EU.

There may be many reasons that a website collects user data: to facilitate a purchase, distribute a mailing list, target advertising, or determine the most popular kind of content. Whatever the purpose, if that data pertains to an individual visiting the site from an EU member state, the GDPR applies.

Website visitors don’t even need to be an EU citizen — if they’re visiting the EU from, say, Ghana or Brazil, and they visit your site, your site needs to protect their rights under the GDPR.

Although the regulation is based in Europe, it is actually more far-reaching than it seems at first glance. If your business has any connection to Europe, whether through customers or partners (even just one!), you should be aware of what the law requires.

3. The definition of personal data is expanded in the GDPR.

When we think of personal data, things like name, address, and phone number might come to mind. There is much more to it than that, according to the GDPR’s definition. Going beyond the details that would normally be considered personally identifiable information, the GDPR states that any information “specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person” are under protection.

Given these broad parameters, it’s safe to assume that anything that identifies a person can fall under the definition of personal data. If you’re not sure that it counts, it probably does! In fact, the GDPR’s definition of personally identifiable information is “any information relating to an identified or identifiable natural person.” So, there you have it.

4. Any entity that controls and processes this data must comply.

The actual GDPR documents make references to collectors and processors of personal data. Not sure if you’re a controller or a processor? Read on.

A data controller is an entity — a business, organization, or individual — that makes decisions about what data is collected and how it’s used. A data processor collects, stores, and transfers that data once it’s collected. So if your organization handles any sort of data of people in the EU, or partners with one that does, it’s time to get on board.

5. The new laws require consent to collect data.

You may have noticed that a lot of websites and apps have updated their privacy policies and terms of use lately. That’s all because of the GDPR. If an organization expects anyone in the EU to visit its website, the company needs to include information asking for consent to collect user data.

Related: Your 2020 Website Redesign Checklist

The updated policies must include information about what data is collected, why it’s being collected, how long it will be stored, as well as how it will be used and who will have access to the data. All of this needs to be stated clearly on the website in a noticeable place.

GDPR compliance requires active consent — not passive methods, like a pre-checked box. The GDPR will have little tolerance for dark UX practices that trick people into agreeing to or signing up for things or poor blog design that hides pertinent information.

These notices are required even if the most basic type of data is being collected. USA Today has taken an interesting approach to GDPR compliance by hosting two separate instances of their website — one for EU users and another for all others. The EU-oriented site doesn’t collect any information other than a user’s IP address so it can direct them to the correct site — but USA Today still has to notify users that the company is collecting that information.

6. There are stricter requirements for data security under the GDPR.

Compared to the previous EU legislation on personal data privacy (the Data Protection Directive, implemented in 1998), the GDPR has more prescriptive responsibilities for data controllers and processors when it comes to security.

If you’re dealing with people’s personally identifiable information, you need to do your due diligence to guarantee the information is fully protected. There could be multiple solutions to this, depending on the data being collected, the technologies available, and your budget. Some security measures the GDPR suggests include encrypting data, ensuring that systems and services enable confidentiality, providing the ability to restore access to personal data, and maintaining a process for evaluating system security.

These are just some of the strategies that organizations can use to demonstrate they’re complying with the GDPR. You may have already taken them into consideration, or you may have to add some components to your security plan.

With these new standards, you might be concerned about the cost to your business to comply. Security doesn’t have to be expensive, however. Several providers — DreamHost included — include SSL/TLS certificates for free to encrypt web traffic to customers’ sites.

7. Data breaches must be reported to people whose data was compromised.

Another new aspect of privacy laws as mandated by the GDPR is the requirement to notify users when a data breach has occurred and may have affected their personal information. The GDPR defines a personal data breach as an event that leads to “the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.” This protects well beyond the risk of fraud or identity theft (which would result from access to financial records) to include unauthorized access to anything defined as personally identifiable information.

If a personal data breach occurs that “is likely to result in a high risk to the rights and freedoms of individuals,” data controllers have the obligation to quickly notify the affected people. There are few exceptions to this rule, such as when encrypted data would be unintelligible to unauthorized users or when the controller takes actions after the breach to prevent risk. The particulars of this rule may be open to interpretation and discussion, but when in doubt, the GDPR takes a strong, comprehensive stance on protecting user data.

If the data controller has a main office in the EU, they must also notify the supervisory authority in the EU member state where the organization located. This communication needs to be made within 72 hours of when the breach is identified.

Hosting your organization’s website on a secure and stable server helps prevent personal data breaches. DreamHost’s plans all have top-notch security through Let’s Encrypt SSL/TLS certificates, which safely encrypt data traveling through a DreamHost site.

If you’re choosing between shared and VPS hosting you can rest assured that personally identifiable information is secured. Our dedicated hosting plans keep personal data on even tighter lockdown.

8. Data controllers must give users access to their data when requested.

The meaning of this aspect of the GDPR is straightforward: if a user wants to see the data that you’ve collected on them, you have to hand it over within a reasonable amount of time. The path to achieving this might be a little more winding, however, depending on your current circumstances.

To grant these requests, you’ll need a system for customers to submit requests and staff that can fulfill them. Technology that allows for personal data export will also be necessary. In Article 15, the GDPR outlines several other related rights to information, such as who has access to the data and how long it will be stored.

9. Users in the EU have “the right to be forgotten.”

Another provision related to data access is what the GDPR calls “the right to be forgotten.” In Article 17, citizens are given the right to request that their data be deleted from a controller’s system. They can do so for any number of reasons, which include withdrawing consent to process the data.

The law reads as if there may be any legitimate reason for requesting erasure of personal data. It does, however, give guidance on when an organization could deny such a request. If the processing of the data is deemed necessary for “exercising the right of freedom of expression and information,” meeting legal obligations or establishing legal claims, or serving the public interest in certain ways, an organization need not comply.

10. Brexit doesn’t exclude the UK from the GDPR — yet.

The GDPR still applies to companies in the UK, despite the country’s pending departure from the EU. Once Brexit formally happens, the GDPR will no longer govern British data security. However, the country’s Data Protection Act is nearly identical to the GDPR — all the way down to the same May 25 start date. If you’re GDPR-compliant, you should be covered with the UK law, as well.

11. Violating the terms of the GDPR comes with a hefty price.

Don’t try to get away with avoiding or ignoring the GDPR — it will cost you. The highest penalties for non-compliance include fines of up to €20 million (more than $23 million) or 4 percent of global revenue, whichever is larger. This level of punishment would be reserved for the worst offenders, but it’s not worth finding out how minor misdeeds will be handled.

Aside from taking your money, the EU data protection authorities could also take away some data collection privileges from your company — or even ban you from collecting data altogether. Just do the right thing!

12. The emphasis of the new rules is lawful use and fair business.

The GDPR is intended to unify the data regulations of all EU member states. With the new laws, the rules are clearer and the playing field is more level in how EU businesses handle the collection and use of personal data. At the same time, it puts a strain on businesses in other countries to be compliant.

However, the push for security and transparency could be good for business in the long run, and it all has to do with customer perception. In recent years, there has been an increase in data security breaches, as well as added publicity surrounding the collection and use of people’s data.

In this age of data exchange, the GDPR is also meant to increase citizen trust in businesses by providing them with greater protections. The regulations are widely considered a win for individual privacy rights. But while it might be painful to have to update privacy notices — and possibly change data usage policies in your company — the GDPR has the potential to give customers greater confidence in commerce. The philosophy, in a nutshell, is that what’s good for the customer is good for business.

The post 12 Things to Know About the GDPR and Data Security appeared first on DreamHost.

It. Was. Awesome.

Privacy Matters in Europe

Belgium’s Guy Verhofstadt, my new favorite person in the world, asked honest and tough questions that ultimately never got answered. But you can clearly see the fire in his eyes and the passion in his voice for protecting internet users’ personal data.

How can you not love this man? Throughout the entire hearing, I wanted to high-five and hug him all at the same time! And then I’d treat him to a fine steak dinner and we’d be friends forever.

Unlike the countless (and clueless) softballs thrown by some members of our own Congress back in April, members of the European Parliament pulled no punches. They asked educated, pointed questions and made absolutely clear that the safety of user data was paramount among their concerns.

Facebook may have been the subject of this hearing, but Europe’s support of internet user privacy, and indeed the very right to be forgotten, has been a recurring theme in their quest to help EU members have a say in how their personal information is used.

Privacy issues often take center stage in Europe, and nowhere is that more evident than in the many, many pages of the General Data Protection Regulation, or GDPR, which takes effect today.

Related: The History of Internet Privacy

GDPR

Debated for four years and ultimately passed in 2016, the GDPR is groundbreaking regulation created to give EU citizens full control over their personal data on a modern internet that often seeks to monetize and exploit that very same data at every opportunity.

The GDPR gives legal rights to people whose personal data is collected and used by online businesses and other groups. It even imposes penalties against these service providers for misused or mishandled personal information.

You can read the full text of the order at gdpr-info.eu. It’s long and good and, much like this hot dog, should make you feel better about being alive.

New Privacy Policy

Over the last few weeks, you’ve no doubt been getting a crapload of spam from anyone who’s ever collected your personal information trumpeting their new privacy policies.

That’s a weird coincidence, right? What are the chances that all of these people got together and decided to make the internet better on their own, all at the same time!?

The obvious truth is that they’re not updating their policies because it’s in your best interest.

They’re doing it because the GDPR is forcing them to, AND it’s financially in their best interest to retain their European users. 🙂

OR, maybe they’re a little more like us! Maybe their Privacy Policy was already in pretty good shape and only needed to have more explicit detail added.

Yes, we’ve updated our own privacy policy to even more explicitly call out our data collection and usage policies. We did this happily, gleefully, and with the utmost respect for your personal data.

You may have noticed we made a conscious decision to not spam you about it, too. You’re welcome.

NEW: Privacy Center

All current DreamHost users now have access to a new section of their control panel that we’re calling the Privacy Center.

As of today, you’ll be able to use the Privacy Center to set your DreamHost email contact preferences. We’re working to add even more functionality to it in the future – not strictly required by the GDPR – allowing you to specify your preferences for even more control of your personal information.

The goal of our Privacy Center is for you to be able to control as much of your personal information as possible all in one place.

Related: How to Update Your Contact Information and Privacy Settings

Internal Process Changes

How we handle data behind the scenes has changed a bit as well. Without boring you too much, I can say that we’re GDPR compliant “back of house” as well.

For example, we now delete web server log files after 72 hours and will soon be encrypting them altogether.

Domain Registration

Nothing is changing about our free WHOIS Privacy Protection. If you’re currently masking your domain registration details using our privacy settings, those settings will remain in place.

Enom, our domain registration partner, has implemented their own implementation of GDPR’s rules: a gated WHOIS system.

Until ICANN pulls its head out of its ass and enacts permanent rule changes rather than panicked last-minute stopgap measures, we believe that Enom’s approach is probably the best way to handle things for the time being.

Related: What Is Domain Privacy Protection?

Europe Only?

GDPR is a European regulation, so if you’re in the U.S., you shouldn’t have to care about any of this, right?

Wrong. Any online organization that provides service to EU members, regardless of where in the world it may be located, is required to treat those members in accordance with the GDPR regulations. That means that GDPR’s ultimate implementation is likely to have some impact on nearly every internet user.

We believe that GDPR represents an advance in the rights of all internet users, and we’ll be applying all of these changes to our entire user base — not just those users located in the European Union.

The Future

The GDPR represents a giant step forward in protecting the personal information of anyone who has ever typed their name or email address into an internet-connected computer.

DreamHost’s vision statement is, and has been, very simple: “People have the freedom to choose how their digital content is shared.”

Personally identifiable information falls under that umbrella, and we’re thankful to — and grateful for — a European Parliament that has seen fit to bring this same sentiment to the global stage.

The post DreamHost is GDPR Compliant appeared first on DreamHost.

That’s the nickname six-year-old Martha Lenio gave herself as she spent her Ontario, Canada, summers gazing up at the stars and dreaming of visiting another planet.

Today her dream job is still to be an astronaut, maybe one of the first humans to explore — you guessed it — Mars. But for now, while Earth-bound, Lenio is drawing on her space-smarts to help save her home planet as the owner and founder of Mars Green, a renewable energy consulting company she promotes using her DreamHost website.

“Most of my work is with solar energy,” says Lenio, who officially started her small business only last year. “I come on to larger projects with solar experts and help them with whatever they need — usually usability studies, financial analysis, or design.” She also tackles smaller projects like energy audits, and much of her work has taken her to far-flung corners of the Yukon.

A Space-Age Domain

The consulting company’s name holds several meanings for Lenio. For one thing, it’s a stamp of her personality, drawing on her childhood nickname combined with her passion for a more “green” energy friendly planet Earth. “I think of it as Martha’s Green Consulting, but with a little added extra flavor,” she says.

“Mars” also represents the ideal Lenio strives for when it comes to finding solutions that maximize renewable energy.

“I think a mission to Mars is the ultimate sustainability challenge,” Lenio says. “You would have to recycle all your air and water. All your energy is solar power. You should be ideally leaving zero footprint. So if we can learn how to do that on Mars, we should be able to do that here on Earth. I like a challenge.”

An important piece of Lenio’s brand sits in her website’s URL. “I wanted people to know that I am in Canada,” she says. “I was glad that I could get a .ca domain from DreamHost because you can’t get that from some of the other hosting companies.”

Domains

Your Great Idea Starts with a Domain Name

Don’t let someone else register your URL. Search DreamHost’s 400+ TLDs to find the perfect fit for your website.

Master Your Domain

Mission to Mars via Hawaii

Lenio has been fascinated with the intersection of space and sustainability since college, studying mechanical engineering at the University of Waterloo (where she started a space-appreciation club that’s still going strong) and earning a doctorate in photovoltaic engineering (which, in case you didn’t know, means turning light into energy) from the University of New South Wales in Australia. After college, she worked in Silicon Valley for several years in R&D for solar companies.

Through all that, her dream of becoming an astronaut burned bright — and, in 2015, she got a taste of life on the Red Planet. “I wanted to get into the space sector, and I heard about a NASA-funded Mars simulation, so I threw my hat into the ring.”

After a year-long selection process, Lenio was chosen to captain a team of six “astronauts” living together in a Mars simulation dome in Hawaii for eight months. The would-be Martians lived every day like NASA astronauts, conducting research, growing their own food, relying on limited communication and supplies from the outside world, living sustainably, and leaving the dome only when clad in authentic space suits.

Related: This DreamHost User Is Saving the World — One Seed at a Time

The whole thing was ultimately a psychological experiment, explains Lenio. The trip to Mars is long and isolating, and the first crews sent there will have to get really cozy. “NASA wants to learn how to support a crew without them going crazy and killing each other,” Lenio says, laughing. Luckily, her “crew” made it out alive.

“The first six months were pretty easy; we all got along pretty well,” Lenio says. “The last two months were more intense and there was a lot more conflict that arose, but we are all still friends today. There are things you have to do to survive on Mars. You have to work out for 1.5 to 2 hours every day, you have to maintain the habitat, you have to be doing research, and you also have to take the time to hang out with your crew members and have fun. There are no slackers on Mars — you have to take care of each other.”

From Solar Flares to Consulting Biz

Hungry for more, Lenio applied last year to the Canada Space Agency’s 2017 astronaut open recruitment campaign. Of 3,772 applicants she made the agency’s first cut down to 72, qualifying for stringent training and aptitude testing. Lenio didn’t make the final team, but she’s still got Mars on her mind. “I wouldn’t want to do a one-way trip to Mars, but I would still like to go one day,” she says. “Having done the simulation, I know that I can mentally hack it.”

But for now, she’s focused on using her lessons in Mars sustainability to make Earth a better, greener place. And if she can’t live on Mars right now, her home country is the next best thing.

“I always wanted to come back to Canada,” Lenio says. “We don’t have solar silicon device R&D in Canada like they do in Australia or California, so I had to rethink how I could fit into the larger sustainability picture in Canada.”

Enter Mars Green.

After adjusting to life after “Mars,” Lenio retrained in solar installation and systems design and used connections she forged during that processes to partner her newly hatched consulting biz with solar-installation companies and projects.

“One of my first projects was a feasibility study for the Yukon Energy Corporation,” Lenio says. She was tasked with scouting out two spots in the Yukon for a solar plant, then determining which technologies would make sense there, and how much everything would cost. “It involved a lot of simulation, which I quite enjoy,” says Lenio. “It was my first big project so I wasn’t sure what to expect, but it was really well received and lead to more projects, so I’m pretty proud of that one. This project was the first indication that maybe this will work for real.”

Starting a business for the first time always poses a steep learning curve. “There’s a lot more to running a business than my technical experience,” Lenio says. “There’s a lot of little things that you don’t think about, like writing contracts to hire employees or setting up the website, that can take a lot of time and effort to get right.”

Building a Green Website with DreamHost

Luckily, Lenio found a partner to help her take the headache out of the little stuff. “DreamHost made the peripheral details that I don’t think about, especially with my website, really easy to do,” she says. Lenio had some experience with WordPress but didn’t have the coding skills — or the time to learn them — to create the professional look she needed to represent her work.

“When DreamHost launched Remixer, I was like, ‘OK, perfect!’” Lenio says. “I can have something that’s affordable and looks good with very minimal effort. That was a great addition.”

Website Builder

On the Hunt for the Perfect Website Builder?

We now offer WP Website Builder, a suite of premium tools and plugins, to make it even easier (and faster) to get your website online!

Launch Your Site

Remixer took the technical work out of building a beautiful website, allowing Lenio to customize themes to finetune a look that brands her work. Her website shines with photos of the sun she took herself around the world, and she hopes to add more original photos and examples as she expands her work on new projects.

“I want visitors to my site to get a sense for the breadth of my work — that I don’t only take on standard projects but also smaller and niche opportunities.”

Lenio initially relied on Google tools to run Mars Green and was happy to see that her existing accounts merged seamlessly. “DreamHost plays nice with other online tools like Google and WordPress,” she says. “I can buy my domain through DreamHost, but I’m not committed to using anything else; I can still use other products and servers with DreamHost. They leave it open for what people want to use. And I like that.”

Lenio says her painless experience with web hosting helps her stay focused on the work she loves.

“I like working in the area of renewable energy in Canada,” she says. “I’m doing what I want, where I want to do it, and I really love that freedom to pick the projects I’m interested in.”

The post DreamHost Customer Uses Lessons from Space to Brighten Earth’s Future appeared first on DreamHost.

It’s 2016 now and the internet is full of more sketchy weirdos than ever! Having an open registration system where anyone can see your home address seems like a colossally bad idea.

Any threat to the ability to anonymize domain registrations‘ contact data is rightfully met with universal criticism and worldwide derision.

In 2013 ICANN made major revisions to the RAA (Registrar Accreditation Agreement) that governs registrars’ responsibilities. These changes were so major that we went from hearing from ICANN maybe 2 or 3 times a year to—after 2013—several times per week. These contacts almost always involve domain registration disputes or other issues on which we’re required to act.

Related: What Is Domain Privacy Protection?

Registrars like DreamHost are obligated to resolve these issues to ICANN’s satisfaction or we risk losing our ability to register domains altogether!

That brings us to today. 2016.

ICANN has recently informed us that, in their view, we’re running a domain registration “Proxy” service, not a “Privacy” service. They make the distinction thusly:

• “Privacy” services must show the registrant’s (customer’s) name. Only “Proxy” could hide this.
• With “Proxy” services, the registrar becomes the registrant, or “owner” of the domain, and licenses the use of the domain to the customer.

First of all, we’re not familiar with ANY registrars who offer a service where everything is hidden except the registrant’s name. Are you?

No, really—we want to know. Please tell us in the comments below.

We knew right off the bat that revealing our customers’ names publicly in WHOIS was a non-starter, so we started discussing with ICANN how we could transition our operations to fall under their definition of “Proxy” to keep the status-quo for our customers’ WHOIS privacy.

In reviewing how other registrars handle Proxy registrations, virtually all of the ones we looked at have third-party companies listed as the “Proxy Provider”. In some cases those providers are entirely separate companies, but in most cases they are a company fully owned by the primary registrar.

It’s notable that presumably the registrant shares some ambiguous, enhanced legal liability for the content of websites whose domains it appears as registrant for, which is likely why so many registrars choose to use a third-party or second self-owned corporation as a liability shield.

At DreamHost our Legal and Abuse teams have always gone the extra mile for our customers, erring on the side of customer privacy and respect for their data. We receive hundreds of frivolous and spurious complaints every week and work hard to protect our customers interests whenever possible.

Giving up key decision-making control in these situations was not something we were prepared to do, so using a third-party Proxy Provider (that would become the registrant of all our customers’ domains) was not. Gonna. Happen.

Instead we chose to create our own new company, “Proxy Protection, LLC,” to serve as the Proxy Provider. That lets us keep all implementation and Abuse decisions in-house where they belong.

As a customer with Domain Privacy … ugh … “PROXY” enabled, the most visible change will be one that won’t affect you much at all.

The registrant name that appears in WHOIS will change from “A Happy DreamHost Customer” to “Proxy Protection, LLC”.

This will effectively mean that Proxy Protection, LLC is the registrant of the domain. However, we are amending our Domain Registration Terms and creating a new licensing agreement that essentially says that all of our customers will still control their registered domains and are responsible for the content of their websites.

Domains

Your Great Idea Starts with a Domain Name

Don’t let someone else register your URL. Search DreamHost’s 400+ TLDs to find the perfect fit for your website.

Master Your Domain

We’re jumpin’ through some serious hoops to make this as seamless as possible for all of our customers, and we hope you appreciate it! We expect to have all private domain registrations changed over to “Proxy Protection, LLC” by October 31st, 2016.

ICANN has chosen to apply this policy very unevenly across the industry. In an attempt to clarify the policy we’ve pointed out to them that nearly all of our competitors offer a domain privacy feature that populates the name field with things like “Registration Private,” “Domain Admin,” “Domain Privacy Service FBO Registrant,” “Contact Privacy Inc. Customer xyzxyzxyz,” and more. After thanking us for the feedback, ICANN has taken no visible action against any of the domains we’d cited, and none have been updated with the format being demanded of DreamHost.

A small percentage of our customers will receive a new RAA domain verification email with a link to click to confirm the change. If you receive one of these emails, remember to follow its directions to verify your contact information.

While we happen to have gotten on someone’s bad side this week, it’s possible that changes are in store for other registrars in the near future, too.

By making these changes on our end, our customers should be able to continue living a life of peace and comfort, un-harassed in the real world by crazies from the internet who choose to take issue with their choice of domain name or website content.

I mean… we had to set up a whole new company just to keep our customers’ contact information private. Did you miss that part? We definitely did not.

Sometimes doing the right thing involves a hell of a lot of paperwork.

PEACE OUT!

Feature Image: Stalker | Patrik Nygren | CC BY-SA 2.0

The post DreamHost Domain Privacy Update appeared first on DreamHost.