GoDaddy.com Managed WordPress Hosting System Hacked
GoDaddy.com Managed WordPress Hosting is not on our list of favorite hosts. It's been generally known to have too many upcharges and the typical packages are not very performant.
On November 17, 2021, the GoDaddy Managed WordPress team became aware of a hack of their system and discovered that millions of customer accounts had been affected.
The items exposed were:
- The original WordPress admin passwords from account setup
- Active customers' SFTP credentials
- Some SSL certificate private keys
This type of breach is becoming more and more common.
To protect yourself, you should always follow best security practices, such as:
- Randomized SFTP passwords
- Randomized WP Admin passwords that are not the default password
- Two-factor authentication for hosting accounts and WP Admin accounts
- A Web Application Firewall for your website to filter suspicious traffic
- Logging of all user logins on your website for review
- Keep your website up to date and backed up
- Occasionally, change all of your admin passwords
- Don't provide admin access to third parties; if you do, remove the account when they are done
- Add email or text notifications for everything that gets installed on your WP website
- Have a disaster recovery plan in case of the unforeseen
When you have a successful website, particularly an e-commerce website, you become a juicy target for hackers and information thieves. It's a never-ending fight, and once you take on customers, your data and their data are both at risk. The best thing you can do is your due diligence to keep that information as well protected as it can be.
If you've had a security issue or breach and need help, get in touch!
Reference: GoDaddy SEC Notice