dreamhost hacked

DreamHost Hacked

by
👤 By Tommy | Updated · April 9, 2023

Do you have a website that keeps getting hacked? Is your server getting compromised often? It could be a security breach with your host. But in 95% of such cases, your vulnerability is due to insufficient security at your end.

DreamHost has experienced many such breaches recently. And we know this because we’ve personally cleaned several infected websites for our clients. If you too have suffered from this, here is a tutorial to recover your DreamHost hacked website.

Let’s first find the cause of hacking in our next section.

Contents show

Why was the DreamHost website hacked?

There could be multiple reasons behind the hacking of your DreamHost website:

Vulnerable WordPress Plugins

wp plugin vulnerabilities

The most likely reason behind a hacked DreamHost website are vulnerable WordPress plugins. WordPress is a target for hackers performing bulk attacks as it remains the most mainstream content management system (CMS).

These hackers probably utilize automated scanning tools for infecting WP sites. This way vulnerable, unsupported, and out-of-date plugins are targeted without even needing human intervention.

Weak Passwords

weak wordpress password

Using generic or dummy passwords also paves the way for hacking. Many website owners also reuse passwords they use on other sites. So it becomes easier for hackers to crack them and infect the website.

Untrusted Installations

untrusted wp installations source wordfence

Installing themes and plugins from untrusted sources is another major cause of hacking.  Such WordPress installations might have several security vulnerabilities. It is also equally important to keep these installations up to date.

Key Takeaway: If your DreamHost site got hacked due to any of the above reasons, the problem will persist even if you move it to another host. It is because your WordPress site is already broken.

Suppose you have many websites under a single DreamHost account and one of them is attacked. All other websites are also infected since they share the same cPanel as the attacked site.

In such a case, Google displays a “hacked” notice for all these sites as shown below:

site hacked notice from google

How To Fix DreamHost Hacked Site and Suspended Account?

hacked website notice by chrome

Consider investigating deeper into your website’s vulnerability before fixing your DreamHost hacked site. Review all the post requests in your site’s Apache access logs immediately before unauthorized file changes.

It might show you how your website was compromised.

Let us now have a look at the steps to fix the DreamHost hacked website:

Step 1 – Restore the older version

dreamhost backups

DreamHost allows you to roll back all website changes with its backup feature. It performs daily backups and retains the data for up to 2 weeks.

Find all your backups under the Domain management tab of your DreamHost control panel. Roll back your site to the last backup created before the unauthorized file changes.

Step 2 – Manually clean

wordpress backdoors

The next step is to manually clean any malware from your website. Replace all the old WordPress core files with new ones. Make it a point to create a website backup before performing this step.

Also, examine your website carefully for any backdoors by using these keywords:

  • str_rot13
  • eval
  • gzinflate
  • base64_decode
  • preg_replace

Step 3 – Install security plugins for malware removal

After manual cleaning, it’s time to install security plugins on your site:

Wordfence

wordfence

Wordfence is one of the best security plugins for WordPress sites. They offer inexpensive hack removal. You also receive pro protection for a year along with site cleaning.

Only a handful of free security plugins actually use a firewall, and Wordfence is among them.

Anti-Malware Security (For Scanning)

anti malware security

This plugin is powerful enough to detect the malware Wordfence sometimes fails to identify. So it complements Wordfence pretty well.

NOTE: Even the best security plugins might sometimes fail to detect some malware. So we heavily recommend you to regularly visit your wp-config.php file. Check all the weird stuff added recently. Look for the addition of new cron jobs that can restore access to your site later.

Step 4 – Hire a Developer

An expert web developer will help you detect the source of the hack and clean your site. They can also strengthen the security of your website to prevent further attacks.

The developer will have experience and knowledge of this work. They might even have solved a similar malware problem in the past. So you can expect them to fix your site much faster thereby minimizing your website downtime.

Overall, paying a professional will result in a much smoother and more effective site cleaning experience. You can easily hire one from any freelance website.

malware removal packages from freelance developers

Step 5 – Rebuild your site (optional)

re installing wordpress

Complete rebuilding is recommended when your website gets hacked repeatedly. It will be more time-efficient to have a fresh WP installation than clean an infected one every time it gets compromised.

You can import your website content to a new, clean WordPress.

This solution might not be ideal for old sites with lots of data and complexities. In such cases, it is best to restore your website to its pre-hacked version via the backup restore option.

Rebuilding is also an excellent option for website owners who do not want to spend money on professional malware removal.  But, if you chose to do this, be sure to secure your new installation to prevent future malware attacks.

How to prevent being hacked again?

DreamHost websites are generally not secure enough, which is what leads to their regular hacking. So, you cannot rely on the host to assist you technically with these security problems.

But hopefully, this tutorial will help you secure your site:

1. Upgrade to VPS or Dedicated

dreamhost dedicated hosting plans

It is recommended to keep your websites in separate cPanel accounts, so that one account won’t have permission to access anything from the others. And if one of your websites gets hacked, the others will remain safe.

This kind of account separation is available either with reseller hosting or VPS/dedicated server plans. It is also viable to buy individual hosting packages for different websites.

One of our clients uses this strategy to protect and isolate their websites.

2. Fix Server Misconfigurations

Wrong server configurations make your website vulnerable to attacks. So fix all these misconfigurations to secure your website:

  • Weak file permissions: Hackers can access your .htaccess and other sensitive files when the permissions on them are not properly set. Then, these files are modified by the attacker to inject malware into your DreamHost website.
  • Open ports: Hackers enter your website via open ports. Make sure you have no open ports when using the DreamHost VPS plans for the safety of your website.
  • Enable two-factor authentication: Enabling two-factor authentication (also referred to as 2FA) restricts the entry of hackers to your site. Configure it for your DreamHost website from the cPanel.
  • Remove old files: Old software and files on your server make your website vulnerable to attacks. So, regularly clear all the outdated software and old license files from your DreamHost website.

enabling 2fa in wordpress

3. Keep Everything Updated

update wordpress resources

Ensure to update all your website resources regularly. This includes your WordPress core files, plugins, and themes. Also, make sure you download them only from reliable marketplaces.

4. Optimize Security Plugins

optimizing plugins

Even after you install and optimize a trustworthy security plugin like Wordfence, it’s important to set it up properly and strengthen its security settings. Since Wordfence is quite popular, you can find many tutorials on how to clean a hacked site with it.

5. Check Anonymous Accounts

reviewing user accounts

Regularly review all user accounts on your site to keep a check on unauthorized access. Analyzing the strength of your passwords from time to time, and adapting them accordingly, can further help keep such unwanted visitors away.

6. Migrate to a Different Host

migrating away from dreamhost

Shared hosting and DreamHost are two big enough concerns on their own. Your site is never fully secure when you use shared hosting. And DreamHost doesn’t come to your rescue if other server users breach your space.

Consider moving away from DreamHost since it is simply not reliable enough. Instead, migrate your websites to a hosting provider that actually performs regular security updates.

What to look for in the new host?

cloudways firewall

When looking for a new provider, check the availability of a firewall system like Cloudways or for the use of the Imunify platform. These are the best tools to prevent attacks on a server and all the sites residing on it.

Overall, your managed hosting solution should offer good support. For your part, you should also update your WordPress and plugins every week, and maintain offline backups.

If you’re still unsure about which hosting solution to go for, we have compiled a list of reliable hosts here in the panel to the right. You can choose any solution from here, and be assured of quality service.

NOTE: We do not recommend an unmanaged VPS or a dedicated server if you have no technical knowledge. By default, unmanaged servers are insecure and more vulnerable to attacks. It is possible to make these servers more secure than shared ones, but this requires some technical expertise.

However unlikely, if a zero-day exploit is released, DreamHost will focus on securing shared hosting servers over others like a VPS. Choosing managed hosting lets your host take care of all the security aspects.

Is DreamHost hack site repair worth buying?

dreamhost hacked site repair

Frankly, DreamHost hack site repair is not worth buying if you have enough technical familiarity to follow the steps we’ve listed above.

This DreamHost pro service is effective in removing website malware. However, the host connects you with its technicians only via email tickets. So the process is slow and will lead to longer website downtime.

But if you want an expert to clean your website and can afford the service, you can consider purchasing it.

NOTE: WordPress is a high-profile target for attackers. It is regularly scanned and attacked. A hacker will immediately exploit a WordPress website if it fails to plug a vulnerability.

Is DreamHost secure?

No, DreamHost is not secure. It has experienced serious security issues repeatedly in the past.

Vulnerability found

DreamHost servers have a serious vulnerability which was found a while ago:

Account takeover using cross-site scripting (XSS) flaw

xss flaw in dreamhost

As shown in the above image, this vulnerability has a serious impact. It allows the attacker to modify the victim’s email or password quite easily. Even if the victim only visits the link to a legitimate website, the malicious script also loads.

Database leak

dreamhost data breach

DreamHost also became a victim of a database leak in April, 2021. A total of 815 million user records were compromised. As a result of their emails and other info getting leaked, the customers all became victims of spam and phishing attacks.

Conclusion

To prevent frequent hacking, it is important to learn how to secure your WordPress site. Most hosts focus on making higher profits by utilizing freeware scanners. Only a few invest in commercial security software.

Move your website to a cheaper but more secure host than DreamHost. An option that provides essential security features for free is Cloudways.

We use it for our website as it offers:

  • Dedicated Firewall & Bot Protection
  • DDoS protection
  • Application isolation, and more

cloudways security features

Hope you enjoyed this DreamHost hacked website recovery guide. If yes, please share it. Also, bring up your queries in the comment section.

Also read: Using Google Workspace with DreamHost

FAQ (Frequently Asked Questions)

How does DreamHost deal with the hack?

DreamHost scans your website files when you share the issue with their support team. You will then receive an email containing a list of infected files and directories in a few hours.

Is DreamHost safe?

No, DreamHost is not safe. It has experienced a database leak recently. Among its clients, websites sharing cPanel on DreamHost are more vulnerable than isolated ones. If one site has an open port, a hacker can repeatedly use it to infect all sites.

Similarly, a shared hosting environment is also quite insecure. If a neighbor user blacklists the server IP, your domain will also be blacklisted.

Is DreamHost email safe?

No, DreamHost email is not safe. Shared hosting environments have poor spam protection in general, and DreamHost is not an exception. Expect a lot of spam when using shared hosting email services.

For better email security, choose a company specializing in email hosting.

What is the DreamHost data breach?

In April, 2021, DreamHost became a victim of a data breach. Emails and other records of 815 million users were leaked.

Is DreamShield protection worth it?

No, DreamShield protection is not worth buying. You will find many free and better-performing WordPress plugins for site security.

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

Tommy Nao
Tommy Nao
Web Hosting Expert, Content Writer, SEO Consultant, and Web Developer with over 10 Years of Experience.

He has a passion for technology and has spent over a decade reviewing and testing web hosting companies to provide his readers with honest and accurate reviews of the companies he had experiences with.

Tommy loves helping people and has helped hundreds of people start their own successful blogs.

Leave a Comment