Key Takeaways
- DreamHost helped write the guidelines for the Secure Hosting Alliance (SHA). And now, it’s officially certified by the organization it helped build.
- To earn a Trust Seal, providers undergo a full audit of their infrastructure and policies to meet four “pillars” as determined by the SHA.
- As for why: The hosting industry’s reputation hasn’t always inspired confidence, and some providers are finally trying to change that.
Last week, managed WordPress provider DreamHost received a Trust Seal from the Secure Hosting Alliance (SHA).
The SHA is a grassroots, volunteer-based organization — so nobody is forced to join. But in a space where anyone can become a web host, volunteering to be vetted says something. It’s not unlike how the public side-eyes suspects in criminal cases who refuse to take a polygraph.
“The Secure Hosting Alliance certification is more than a badge on a website,” DreamHost’s Brett Dunst told us. “It’s a public commitment to transparency, security, and ethical responsibility that helps build trust across the hosting industry.”
Fun fact: DreamHost helped write the SHA’s certification rules as a charter member. Now, it joins recent members 20i and BigScoots on the alliance’s growing roster.
The full list is available on the official website.
Who’s Behind the SHA?
You may have heard of the SHA’s parent, the Internet Infrastructure Coalition (i2Coalition). It’s the group hoping to rebuild hosting’s reputation after years of, well, otherwise untrustworthy behavior.
But actually getting that Trust Seal is no easy task. The SHA board asks that interested hosts undergo a review and audit of everything from their policies to their infrastructure.
They have to meet four core “pillars” to pass:
| Pillar | What it means |
| --- | --- |
| Transparency | Hosting platform rules are public so customers know what they’re signing up for, including data policies |
| Misuse Protocols | There are clear, documented steps for how a host handles abuse (such as spam, malware, DDoS attacks), with a clear path for contact and responses |
| Network Reliability | Systems are proven to be monitored, capacity is planned ahead of time, and backups are ready to keep their client sites online in case of an issue |
| Government Handling | There’s a law-abiding, well-documented process for handling data requests that protects user rights |
DreamHost specifically said the purpose of the SHA is “industry self-regulation” — a way for hosts to prove that they can police themselves instead of relying on vague one-size-fits-all entity standards.
And in its own words, the SHA “is revolutionizing the web hosting industry by establishing the standards that truly matter.”
Winning Back the Public’s Trust
The web hosting world has long struggled with trust.
Porkbun, for example, is self-aware enough to admit this and sees the drive for change, having previously told us: “Our industry doesn’t have a good reputation. You have endless pages of upsells and there is always a chance to add another product on. Some make sense, others don’t.”
In a perfect world, every host would have the client’s best interests in mind.
But the reason so many don’t comes down to the fact that anyone can rent or resell servers. Nothing but a credit card is necessary. And that makes the web hosting industry a goldmine for botnets, spammers, phishers, and of course, bulletproof hosts.

Take a look at the discount or offshore hosts who advertise low pricing and a large variety of services, all backed by very unclear ownership. They’re still managing to grow because too many newcomers see “cheap” as “good enough.”
While regulatory entities have tried to respond with takedowns and regulation, none of it fixes the root problem: the culture.
It’s as Dunst said: “In an industry where performance and pricing often look the same, trust is the new differentiator. Certifications like the Secure Hosting Alliance’s make that trust visible.”
Other industry standards — like SOC 2 and ISO — focus on privacy and security. But the SHA goes beyond protocol and into something more human: to make sure that hosts are responsible internet providers.
Of course, certification doesn’t mean perfection. The SHA’s standards are reviewed every three years, so the next round of updates is likely to come in 2028.
