GoDaddy WordPress Hosting Data Breach

In this article, we highlight a significant data breach that has impacted brands reselling GoDaddy Managed WordPress hosting. We aim to reassure our clients, offer guidance for those affected by the breach and share practical tips to help prevent hacking attempts on your website.

What Has Happened?

According to an article by Ram Gall on WordFence, GoDaddy—a major US-based domain registrar and web hosting provider—revealed a large-scale data breach on Monday. This breach has affected over 1.2 million customers. The following day, WordFence confirmed with GoDaddy that the breach also impacted several brands reselling GoDaddy Managed WordPress hosting, including:

• tsoHost
• Media Temple
• 123Reg
• Domain Factory
• Heart Internet
• Host Europe

What Does This Mean?

Dan Rice, GoDaddy’s VP of Corporate Communications, clarified:

“The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific details and recommended action.”

On 17th November, tsoHost identified suspicious activity within their WordPress hosting environment. They immediately engaged third-party forensic experts and notified law enforcement. Investigations have since revealed that, around 6th September 2021, an unauthorised party gained access to authentication data, including:

• Customer numbers and email addresses.
• WordPress admin logins.
• sFTP and database usernames and passwords.

This breach gave hackers access to GoDaddy customer WordPress accounts and websites, with potential for malicious activity such as content alteration.

Why Do Hackers Do This?

People often wonder what hackers hope to gain from such breaches. According to cWatch, hackers’ motivations include:

• Bragging rights or taking on a challenge.
• Revenge or sabotage.
• Blackmail or extortion.
• Corporate espionage or theft.
• Boredom or vandalism.
• Planting inappropriate links to undesirable websites (e.g., gambling, adult content).

Are The Last Hurdle Clients Affected?

No, our clients are not affected.

We want to reassure all our clients that this breach does not impact them. We do not use GoDaddy or any of its associated brands. All our client websites are securely hosted on our own cloud-based servers.

What To Do If You Are Affected

If you have been notified that your website is part of this breach, follow these steps:

1. Follow Instructions
   Carefully read the email from your hosting provider and follow the recommended actions, such as resetting your password.
2. Seek Professional Help
   • Inspect Your Website: Check every page and piece of content on the front end to ensure nothing has been altered.
   • Scan for Malicious Code: Ask your web developer to conduct a full scan for malicious code, unauthorised changes or inappropriate links.
   • Secure Your Site: Have your developer implement changes to strengthen security, including updating passwords and checking server settings.

How To Prevent Hacks

Although hackers remain a persistent threat, there are several steps you can take to reduce the likelihood of a breach:

1. Install Security Plugins
   For WordPress sites, plugins like WordFence provide alerts for hacking attempts and can limit login attempts.
2. Use a CDN
   Services like Cloudflare can mitigate massive DOS attacks and add an extra layer of protection.
3. Strengthen Passwords and Usernames
   • Avoid obvious usernames like “admin.”
   • Use passwords with 16+ characters, including a mix of letters, numbers, and symbols.
   • Change database usernames and passwords for added security.
4. Keep Everything Updated
   Regularly update your WordPress core, plugins and themes. Most updates address security vulnerabilities.
5. Avoid Cheap Shared Hosting
   Shared hosting environments are often less secure. Invest in reliable hosting solutions.
6. Enable Two-Factor Authentication (2FA)
   2FA provides an additional layer of protection. Yes, it’s slightly inconvenient, but it’s far better than dealing with a hack.
7. Monitor Employee Access
   If employees leave, immediately revoke access to accounts and change passwords.
8. Avoid Public Wi-Fi
   Public Wi-Fi networks are vulnerable. If you must use one, use a VPN like CyberGhost for encrypted browsing.
9. Back Up Regularly
   Ensure your website is backed up daily to an offsite location. This way, you can quickly recover your website in case of a breach.
10. Beware of Phishing Emails
    Never click links in suspicious emails. Always navigate directly to the website in question to log in.

Final Thoughts On The GoDaddy WordPress Hosting Data Breach

The GoDaddy WordPress Hosting Data Breach is a reminder that no system is entirely immune to attacks. However, by implementing the steps outlined above, you can significantly improve your website’s resilience to cyber threats.

If you found this article helpful, please share it. If you need assistance securing your website, contact The Last Hurdle on 01604 654545 or email us at hello@thelasthurdle.co.uk.