We curate and host WordPress and WP-eCommerce sites for ourselves and our customers. One of the hosting providers we use, and recommended WAS DreamHost. Their support and pricing had always been good. Their attitude used to be cooperative, communicative and considerate.
Then, last night, while at dinner with the bride, my phone vibrates indicating a priority message. As of that message, DreamHost is no longer on our recommended list.
DreamHost sent out a blast email notifying all of their customers that in 4 business days, and in the middle of holiday shopping season, DreamHost is making a change to their hosting configuration. The change DreamHost is making is a little hard core, removing “sudo” access to the servers. For people that don’t know, sudo is the tool that lets a user log in to make an administrative or configuration change to a server.
For your entertainment value, the message is below.
Why this matters? Every once in awhile something goes wrong on a server often a simple fix is restarting a process, or flushing a cache. In the case of e-commerce sites we sometimes have to make subtle adjustments to configurations in response to reports from periodic security scans or security patch notices. After this change, making any critical change will be impossible.
So, after the change, if a web site requires a little tweak or has an issue that is critical to it’s ongoing operations, just turn out the lights.
And no, we don’t think turn out the lights is an exaggeration! All of the commerce sites we curate for our customers are PCI Compliant and are periodically scanned by independent third parties. If a scan detects an issue, as sometimes happens with a recently discovered operating system or application software vulnerability, we get notified. If the issue is severe and is not promptly corrected, the PCI company will notify your credit card processor. If your credit card processor decides that the issue puts them at risk, your payment processing can be turned off.
With this change your sites’ performance is also at risk. Even a common performance enhancement to a WordPress site like turning on memcached now becomes impossible. For some of our commerce and blog sites memcached is important. Memcached speeds WordPress response times up by 5-10 times, and lets us handle spikes in traffic without any degradation in performance. So if your e-commerce site is lucky enough to get busy, even this most obvious performance tweak is not going to be useful.,
For any DreamHost customers that need to find the words to share with DreamHost to express their concern over this change feel free to borrow from the hastily written note we sent to DreamHost last night:
I just received an email that you are making a change to the VPS configuration for my sites in the middle of the christmas shopping season. WITH LESS THAN 10 BUSINESS DAYS NOTICE! “We will be removing admin (sudo) access from all DreamHost VPS instances.” Removing the administrative access to our server instance will cause substantial loss to our business. If you make this change it is a near certainty that my site will not be supportable, will fail, and you will cause a substantial financial loss to our company. The mitigation of your actions, even if they were technically possible in the inadequate time you have provided, will cost of tens of thousands of dollars to implement. The inadequate notice period makes it impossible for us to find another technical resource to host the site, move it and test it in the next few hours before the busiest shopping days of the year are upon us. This change and how you are planning to make it, most notably including the insufficient notice is negligent, and exudes arrogance and incompetence. I insist that I immediately get a call back from a manager explaining this change and why your management team thinks the timing is acceptable. I insist that you provide a viable alternative or cancel the plans that you have made unilaterally. I insist that you forward me the contact address that I need to use for legal notices and correspondence. Please include the postal address, the person’s name, and the telephone number so that I can have correspondence sent. Flabbergasted by this bonehead move, Pye Brook Company, Inc.
This morning, we start work and check our host status DreamHost server control panel and find this notice:
You can get whiplash reading the back-peddling in this note. A very disturbing take-away from this posting is that DreamHost fails to recognize the critical timing of this change and how it could impact customers. Even worse, is the admission that they have not taken the time understand the impact of this change before making the decision to implement the change.
Our takes on this situation are these:
- This change makes it technically impossible to implement the standard recommended configuration for highly performing WordPress blogs and e-Commerce sites.
- This change makes it technically impossible for us to respond to critical situations that arise from time to time with the sites we host.
- MOST CRITICALLY: We can’t rely on a hosting provider whose internal decision making process is so flawed that changes like this are put in process during critical times, without making the necessary effort to understand the impacts, and without sufficient notice.
We are fortunate in that we also have sites running on Amazon AWS and Digital Ocean, so we have a path out the DreamHost debacle.
So the answer is yes, we think you should run away.
If you are already using our curated WordPress or WP-eCommerce services you will be migrated transparently after we consult with you and make sure it won’t impact any planned/expected commerce or marketing events.
If you work on your own, and you feel at risk by this dreamhost move we can migrate your WordPress blog or e-commerce site to your stand-alone AWS server / Digital Ocean server or our curated offering for a one time flat fee.