Web Hosting Providers With Security Issues

Updated: February 21, 2014

We have begun to compile a list of hosts that we have found to follow bad security practices or that have been exploited due to those types of practices. While these practices are not guaranteed to lead to your website being hacked in the future, these are things that should not exist. While we recommend you avoid these hosts, if you are considering using one of these hosts we would at least suggest you discuss the issue(s) with them before choosing them.

For any hosting provider we would recommend asking them a series of questions to find out about their security practices. Ask them if they store users' passwords in a non-hashed format on their systems; they shouldn't. Ask them if they have access controls in place to prevent other users from accessing your website's files (no matter the files' permissions); they should. Ask them if they keep the software on their servers updated (you can also check if your current host is running current versions of important software yourself); they should. Ask them what their policy is on updating outdated software.

Dreamhost

Updated: April 1, 2013

Dreamhost has failed to implement proper protections on users' files, leading to a major hack.

Dreamhost is running MySQL 5.1.56, which is over one year out of date and contains a number of security vulnerabilities.

Dreamhost is running phpMyAdmin 3.3.10.4, which is over one year out of date and contains a number of security vulnerabilities.

Fatcow

Updated: October 30, 2013

Fatcow is running PHP 5.3.13, which is over a year out of date and contains a number of security vulnerabilities. They are also running phpMyAdmin 2.8.0.1, which is over seven years out of date and contains a number of security vulnerabilities.

Go Daddy

Updated: October 30, 2013

Go Daddy is running PHP 5.2.17, which has not been supported for over two and a half years. They are also running MySQL 5.0.96, which has not been supported for over a year.

HostGator

Updated: February 14, 2014

HostGator is running phpMyAdmin 3.5.5, which is over a year out of date and contains a number of security vulnerabilities.

HostGator stores users' passwords in non-hashed form.

HostMonster

Updated: February 13, 2014

HostMonster is running phpMyAdmin 3.4.11.1, which is over a year out of date and contains a number of security vulnerabilities.

HostMonster is running cPanel 11.32, for which support ended in August of 2013.

iPower

December 18, 2013

iPower is running phpMyAdmin 2.8.0.1, which is over seven years out of date and contains a number of security vulnerabilities.

Media Temple

Updated: February 14, 2014

Media Temple is running Apache 2.2.22, which is over a year out of date and contains a number of security vulnerabilities. They are also running phpMyAdmin 3.5.2, which is over a year and a half out of date and contains a number of security vulnerabilities.

Netfirms

Updated: October 30, 2013

Netfirms is running PHP 5.3.13, which is over a year out of date and contains a number of security vulnerabilities. They are also running phpMyAdmin 2.8.0.1, which is over seven years out of date and contains a number of security vulnerabilities.

Nexcess

February 21, 2014

Nexcess is running phpMyAdmin 3.5.4, which is over a year out of date and contains a number of security vulnerabilities.

Rackspace

October 30, 2013

Rackspace is running phpMyAdmin 3.4.9, which is over a year and a half out of date and contains a number of security vulnerabilities.