17 Comments

  1. Vishwajeet Kumar
    · Reply

    This is really shocking news. I also have blogs hosted on Managed WordPress hosting of Godaddy. Yesterday My WordPress admin password was also compromised and I have changed it. I will definitely move my blogs to new a and reliable hosting provider.

    Regards,
    Vishwajeet Kumar

    Report

  2. Steven Gliebe
    · Reply

    Seriously, while some providers are better than others, this is a fact of life when it comes to self-hosting. It is simply more risky in terms of security than a hosted proprietary platform. That’s the trade-off for flexibility.

    I’m sorry for all those affected. I wonder how Pagely employees feel. Imagine one day you wake up to find that you now work for GoDaddy. Then, a few days later the “‘managed” WordPress product is hacked to the tune of 1,200,000 accounts.

    Actually, I wonder how comfortable Pagely customers feel right now. I’d be picking up my site and running for my life. Which is exactly what I had to do after Media Temple and Sucuri were acquired. Degradation was too quick for my comfort.

    Good night and good luck.

    Report

    • Harald
      · Reply

      … more risky in terms of security than a hosted proprietary platform.

      Erm, nope. Any platform is at risk at any time. Some proprietary platforms think, they would be somehow more safe, because nobody would know their code, but that’s of course a basic fail in security assessment.

      Report

    • Peter Shaw
      · Reply

      You do realise that this incident exactly contradicts your first point.

      WordPress itself was not vulnerable. What failed was the proprietary part of the managed WordPress service.

      Otherwise you are right, more poor outcomes from a poor company.

      Report

  3. Erik Joling
    · Reply

    I asked the ManageWP helpdesk if their service was exposed as well, since they are a GoDaddy company. Luckily this seems not to be the case:

    ManageWP accounts were unaffected in the GoDaddy security breach. We do not store credentials in our system, and the data we do store (like backups) is encrypted.

    Report

  4. Stuart
    · Reply

    WPEngine all the day…been with them site day one…

    Report

  5. Brian Jacobs
    · Reply

    Seeing how Godaddy is handling these issues, knowing them well, and most of you are fast to jump! It just shows your corrector as a person! GoDaddy always has and will be a target for hackers! I have been with Godaddy for many years and have over 200 websites built with them and WordPress! Yes, this is an alarming issue to deal with! But one thing I will say about GoDaddy is when they have problems and fix them, they never go through it again! Why? Cause they learn from what happens with each attack! Jumping may be a temp move, but overall, GoDaddy is still at the top of their game cause they learn from their mistakes, fix them fast, and make it better each time! So I think you will make a big mistake by quick judgments and withdraw over this temp issue! This is my opinion, of course! But if it had been any other company than GoDaddy, I would be jumping myself along with you all! But with over 15 years working with GoDaddy & WP hosting, you be a fool to jump now! Yes, I had 15 of my website go down and had my customers all change their passwords and login info! Not one has said to me to move their website to other hosting! They trust my team and me as we all have and will still trust in GoDaddy and WP! I am building right now seven new websites for customers, all with GoDaddy and WP still! By the time you all jump and change, the issue will be fixed and moving on! See, while I am posting this, 5 of my websites are back up and looking good! Thank You for letting me post with you all today!

    Report

    • David Artiss
      · Reply

      “Cause they learn from what happens with each attack! Jumping may be a temp move, but overall, GoDaddy is still at the top of their game cause they learn from their mistakes”

      I dunno, I guess I like my hosts to not be insecure in the first place. Holding secure information in plaintext is just simply wrong and GoDaddy should never have put their customers in this situation in the first place, imo.

      I’m not sure even sure we can be confident that they learn from their mistakes either…

      “In 2017, the company revoked thousands of SSL certificates after issuing them without proper checks and authorization. In January 2019, an independent researcher found a vulnerability in its process for handling DNS change requests that enabled hackers to hijack domains and create phishing campaigns. It also notified customers of a hack that exposed SSH login details in the same year.” (https://www.itpro.co.uk/security/data-breaches/361624/godaddy-data-breach-exposes-over-12-million-customer-details)

      Or is this acceptable because you consider each one to be a separate breach that you’ll forgive? What does GoDaddy have to do in this case to damage your trust?

      Report

  6. Giulio
    · Reply

    “The incident has damaged customers’ trust…”

    Well, it’s GoDaddy, how did they have any customers’ trust earlier?

    Report

  7. Miroslav Glavic
    · Reply

    First of all, GoDaddy is the big Daddy of hosting and domains. Of course hackers and evil doers will target it. Why would they hack a small company from let’s say Moldova? A tiny country in Eastern Europe.
    If you are going to hack, you hack a bigger company that has bigger database.

    For the average Joe, GoDaddy is fine.

    Disclosure: I had domains with GoDaddy in the past, I no longer due to selling those domains to someone else years down the road. Last time I had a domain with GoDaddy was in 2016 or 2017 I think.

    Other hosting/domain registrar companies have been hacked. Change your passwords and move on.

    So many people have weak passwords anyways.

    Report

  8. AOS
    · Reply

    I received the email. First, I have no idea what account was on Managed Hosting with them. I don’t use them. Maybe some client site from years ago? Also, “the password you first used when setting up your WordPress Admin login.” Seriously?! We’re supposed to keep/know what original passwords were? I guess the only thing not to worry about is that I use strong/unique pws. But now my email and other data is out there. They just suck.

    Report

  9. Steven Gliebne
    · Reply

    Wordfence is reporting that other web hosts that resell GoDaddy’s Managed WordPress product are affected to some degree as well:

    tsoHost
    Media Temple
    123Reg
    Domain Factory
    Heart Internet
    Host Europe

    Report

  10. Niall Flynn
    · Reply

    SiteGround seems to be offering a really decent managed WP, anything can get hacked. So its best to have a prevnetion plan rather than assuming this will never happen. I am sure GD will sort it but they for me were always a budget hosting option. WPE or SiteGround, but WPE are super annoying constantly spamming sales as tickets.

    Report

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: