You might remember the GoDaddy commercials from several years back that aired during the Super Bowl. You might have even purchased your website domain address, hosting, or security from them. They are the 800-pound giant in the website market — but guess what? That’s not always a good thing! Several weeks ago, GoDaddy’s system was hacked into, along with over 1.2 million of their customers’ websites. GoDaddy’s website security software was outdated. This also happened two years ago. Hackers are always out trying to gain access to websites. Everyone has a story of their own, or knows of a business colleague who has experienced it.
For years I have promoted and used GoDaddy for some client sites for domain purchasing, hosting, and web security. Recently, however, I have learned that they are NOT putting customers first. Before the pandemic, they would call me quarterly to check in on all the GoDaddy accounts I was assigned administrator, in order to ensure our digital assets were safe. If there was software outdated or a better fitting product of similar value, they would encourage me to switch it over to the better product. I appreciated that. Because of the pandemic, they don’t call customers anymore now? WHAT? You don’t call customers to help them navigate something many know very little about? When I learned this, I was very distraught. I don’t tell you this story to bash GoDaddy, but rather to warn you and encourage you to switch all your hosting and website security to another provider (I have several options that will give you the right security and customer service.) My own site was hacked several years ago. I don’t claim to be a website expert, but I know enough to educate YOU about the problems you will encounter with your website if you use GoDaddy’s services.
In the architecture, engineering, and construction industry, we aren’t “selling” product through our websites, so more than likely there isn’t any confidential information (such as credit cards or client phone numbers and addresses). Information about clients and projects is typically housed in a different software, not on the backend of your website. Nonetheless, hackers were accessing these WordPress websites and wreaking havoc — breaking plugins and disabling pictures and content on many websites across the world. WordPress is the most popular and user-friendly website platform. I’m still a fan of this content management system platform (WordPress doesn’t have anything to do with GoDaddy). Most of these hackers are using bots to perform the crime. These types of bots are programmed to perform a variety of malicious jobs. They work in an evasive manner and are mostly used by fraudsters, cybercriminals, and nefarious parties engaged in various illegal activities. Bots can be used for good, though, too. For instance, when you visit a website and a chat box pops up, many of those chat boxes are run by bots. It’s programmed to “act” like a human. We’ve all experienced bots in one way or another.
For example, I have one client where the hackers got into the site, set up a username/password, and then transferred all the content to themselves. I had to go in and transfer all the content back to my username and delete the “bot” as a user. Once I completed that I attempted to update a bunch of content and plugins that had been broken. Because of the poor security platform we had through GoDaddy, bots are still trying to access the site and take up “storage” on the website. It won’t allow me to update any content on the website, because the bots are hogging all the storage. We are in the process of migrating the site to a different hosting provider who will watch the site more closely. This provider really isn’t more expensive, because GoDaddy charges for each piece where this provider has a packaged deal. There is a migration fee to move the site from GoDaddy to their servers, but the hosting fee includes annual hosting, website security, and the SSL Certificate.
Hosting your website somewhere securely and updating plugins will help keep your website safe and secure. The website security should include a good firewall (this is a plug in on your website), malware detection, and active virus scanning. An SSL Certificate should also be installed on your website. It’s always been essential for e-commerce websites, but having one has recently has become important for all websites. Google released a Chrome update in 2018. The security update happened in July and alerts website visitors if your website doesn’t have an SSL certificate installed. That makes visitors more likely to bounce, even if your website doesn’t collect sensitive information.
Having a secure hosting provider, good website security, and an SSL Certificate installed on your website is recommended for EVERY website.
Should you have questions about your website and need technical assistance, please contact us today. We’d love to help you secure your website and keep it up-to-date with projects, people and services.
Here are some other resources for additional information about GoDaddy’s data breach.
Waqas (2021, November 22). GoDaddy detected unauthorized access to its systems where it hosts and manages its customers’ WordPress servers. https://www.hackread.com/godaddy-hacked-hackers-access-data-customers/
Cimpanu, C (2021, November 22). GoDaddy data breach impacts 1.2 millio WordPress site owners. https://therecord.media/godaddy-data-breach-impacts-1-2-million-wordpress-site-owners/