On November 22nd 2021 GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to 1.2 million of their WordPress customers.
You can read more details in Wordfence’s post or at the Hackernews.com.
What can you do?
If you have domain names registered at GoDaddy and especially if you use their managed WordPress hosting, you should take the following precautionary steps:
- Change any GoDaddy-related passwords, including your main GoDaddy account and FTP passwords
- Be wary of follow-up phishing emails. If you get an email from GoDaddy, make these checks to determine whether it is authentic or not.
Some more advice
GoDaddy are far from the only company to suffer from such attacks but there are other very valid reasons to switch to another company, such as Namecheap, for domain registrations:
- GoDaddy use aggressive advertising for services you really don’t need such as analytics, email, dubious SEO services and hidden up-sells
- Charging a premium for services that most providers provide for free such as SSL certificates and Whois privacy
- A History of sexist advertising
- They’ve supported SOPA in the past
- GoDaddy former CEO Bob Parsons published a video on YouTube of himself shooting and killing an elephant in Zimbabwe
Need some more help?
If you’re not sure what to do or if you’ve had doubts about using GoDaddy, contact us for some advice.