Last week, it was announced that the GoDaddy Managed WordPress hosting database had been breached and included 6 other hosting services that are GoDaddy Managed WordPress resellers. Those 6 services are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. If you use any of these companies for your managed WordPress hosting, here are some things you should do to secure your website.
First though, not all WordPress websites are hosted on a managed platform. You need to determine if your website was part of the breach. If you have a website hosting plan where you have access to cPanel, your website files through File Manager and you installed and set up your WordPress website yourself, you most likely do not have a managed WordPress account. Your account will be called WordPress Hosting, or Managed WordPress Hosting if your website is part of the breach.
If you received an email from GoDaddy or the other 6 hosting services, your website for sure is part of the breach and it’s time to take action. GoDaddy reset passwords for your admin login, sFTP password and database password. In order to edit your website content, you must reset your admin password to log in. The email you received for GoDaddy provides instructions on how to change all passwords.
Once you log into your website, install a security plugin such as Wordfence and run a scan to make sure there aren’t any malicious files on your website. There is a free version of the plugin that will be able to detect any security issues on your website.
Next, it’s important for you to know that your customer number, email address and password were exposed so turn on 2 factor authentication for your GoDaddy account. I f you are using that same email and password either separate or in combination anywhere else, change your password on those accounts as soon as possible. You can also check to see if your email has been part of other breaches by searching it on haveibeenpwned.com. You can sign up for identity monitoring services that will show you what passwords have been compromised. Stop using those passwords and change all accounts that use them right away!
Hopefully, your website has not been infected with malware, however, due to the nature of this breach, there are more issues you need to be looking out for. You can be the target of phishing scams since your email address was exposed. Examples of phishing include emails that are made to look like they are from legit companies and people but really aren’t. It could be an email from someone you know asking you click on a link, or an email from a company you use as a service (Square, PayPal, Office 365, etc.) requesting you click a link to update your password or payment info. Don’t click on those links! The best rule of thumb is if it looks weird then it most likely is. You can also hover or click on the sender email address to see the actual email address it was sent from. If that email address doesn’t match up, it’s for sure spam and phishing. If you receive an email and you’re not sure if it’s phishing or not, don’t click on any links. Instead, go to a browser and log into the account in question to see if there really is an issue.
Does it suck that GoDaddy was breached? Yep, for sure. Is it a pain in the behind if your account was part of it? Oh yeah. But, the reality is that this happens more than you think. Large companies like Adobe, LinkedIn, Canva, and more have all been breached at some time. That’s why it’s super important to always use strong emails that don’t include your favorite pets or sports teams. Change up your passwords every 6 months or so and use different passwords for each account. Use 2 factor authentication whenever you can and use a password manager like Last Pass that stores encrypted passwords or Authy that provides 2 factor authentication without having to use SMS texts.
If you need help with your WordPress website, contact us at Powered by RIO and we can help reset passwords, run security scans and remove malicious files.