Important! GoDaddy Password Breach

This is an important announcement for anyone with GoDaddy Managed WordPress Hosting (or any GoDaddy account, just to be safe).

Your password may have been compromised

Your password may have been exposed to a hacker. It is essential you take immediate action to protect your website, data and if you have a membership site, or e-commerce site, the data of your customers.

The announcement:

Wordfence, WordPress Security experts stated on 23rd November 2021 that:

GoDaddy announced this morning that they have been breached. GoDaddy appears to have stored passwords in plaintext, or in a format that could be reversed back into plaintext, which is not an industry best practice.

We confirmed this by signing into a GoDaddy Managed WordPress Hosting Account and verifying that we were able to view our own sFTP password. That means the attacker didn’t need to crack the passwords and could likely retrieve them directly.

According to GoDaddy’s own SEC filing: “For active customers, sFTP and database usernames and passwords were exposed.”

The attacker had access to GoDaddy’s systems for over two months before they were discovered.

What should I do now?

  • If you are effected by the breach (you have hosting with GoDaddy), you should change your password right now. This is the first step.
  • If you run an e-commerce store or membership site, and GoDaddy confirms your data was breached, you may be required to notify your customers.
  • Change all of your WordPress passwords, and roll out a forced password reset for any members, users or customers.
  • Change any re-used passwords, and encourage your users to do the same.
  • Enable 2 factor verification on your WordPress website.
  • Check your website for any unauthorized administrator accounts from your WordPress Dashboard.
  • Scan your site for malware.
  • Check your WordPress Plugins for any that do not belong, or have been newly installed.

Still confused?

If you are hosting your website with GoDaddy, I highly recommend you change your hosting at the next available time (when you current hosting finishes for example). The best WordPress Hosting comes with additional security, and I recommend SiteGround, WP Engine or FlyWheel

Need help?

If you have any concerns about your website security, please contact me straight away and I will have a look for no charge. I understand what a big worry a hacked website can be.

Please note: some of the above links may be referral links or affiliate links. The only reason I’m sharing these with you is because I recommend these providers and use them myself.

Privacy Settings