GoDaddy’s Managed WordPress Data Breach And What You Should Do If It Impacts Your Organization

On November 22, 2021, GoDaddy informed the Securities and Exchange Commission (SEC) of a security breach for 1.2 million users on its managed WordPress servers. According to the report, the breach impacted users as far back as September 6, 2021. Let’s review what that means and what your organization should do if you utilize GoDaddy’s hosted WordPress management.

Confirm Whether You Use The Service

  • If your org uses WordPress, that doesn’t mean it is part of the data breach. The breach only impacts organizations and individuals that use GoDaddy’s managed hosting solutions or any of the following resellers that utilize the same service: tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe.
  • If your organization uses GoDaddy for domain name registration and/or DNS management, that is a mutually exclusive service and according to GoDaddy is not subject to the data breach.
  • It isn’t unusual to be unsure so if there’s any doubt, reach out to your web developer or IT provider that set up your WordPress site to confirm.

What The Breach Means For Your Organization

  • For active customers, sFTP and database usernames and passwords were exposed. GoDaddy reset both passwords for all users, which is good, but there is a risk that malicious files and/or scripts could have been uploaded to your site or database.
  • A smaller number of active users had their SSL private key was exposed. GoDaddy is in the process of issuing and installing new certificates for those customers and informing them of the change. An SSL certificate is how your website keeps information like credit card numbers and personally identifiable information (PII) secure when interacting with site visitors.
  • IMPORTANT: if you never changed your original WordPress admin password, those credentials were exposed and provided another method for attackers to access the site and steal information and/or inject malicious files or scripts. GoDaddy has reset those passwords for those customers.

What This Isn’t

  • This isn’t a WordPress security breach; meaning, if your website runs on WordPress but you don’t use GoDaddy’s managed hosting, this doesn’t impact your organization.
  • This has no impact on any user accounts, which are mutually exclusive from self-hosted WordPress websites.

What You Should Do If Your Organization Uses GoDaddy’s Managed Hosting, a security provider that specializes in WordPress, published a list of actions and tips your organization should implement ASAP. The first point is of utmost importance and is connected to the topic of data breach policies.

  1. If you’re running an e-commerce site, or store PII (personally identifiable information), and GoDaddy verifies that you have been breached, you may be required to notify your customers of the breach. Please research what the regulatory requirements are in your jurisdiction, and make sure you comply with those requirements.
  2. Change all of your WordPress passwords, and if possible force a password reset for your WordPress users or customers.
  3. Change any reused passwords and advise your users or customers to do so as well.
  4. Check your site for unauthorized administrator accounts.
    1. Tip: go to []/ wp-admin/users.php?role=administrator and if you see any unknown or suspicious admin users, take action.
  5. Scan your site for malware using a security scanner.
    1. Tip: reach out to your web developer and/or hosting provider for assistance.
  6. Check your site’s filesystem, including wp-content/plugins and wp-content/mu-plugins, for any unexpected plugins, or plugins that do not appear in the plugins menu.
    1. Tip: reach out to your web developer and/or hosting provider for assistance.
  7. Be on the lookout for suspicious emails – phishing is still a risk, and an attacker could still use extracted emails and customer numbers to obtain further sensitive information from victims of this compromise.

Additional Recommendations

One of the reasons why this data breach is so serious is WordFence discovered what might be best defined as a lapse in good security measures on the part of GoDaddy in the form of storing sFTP usernames and passwords in an unsecure plain text file.

In English, this makes it remarkably easy for hackers to collect and use that information to add malicious files and code to a website. When those credentials are stored securely, the amount of effort it takes to crack them tends to discourage most hackers from trying.

While regular readers know I write about the importance of setting and regularly updating admin accounts with strong passwords, it’s worth pointing out that using password management services, like, can also be used to securely store and use ancillary passwords like these.

About Drew McManus

"I hear that every time you show up to work with an orchestra, people get fired." Those were the first words out of an executive's mouth after her board chair introduced us. That executive is now a dear colleague and friend but the day that consulting contract began with her orchestra, she was convinced I was a hatchet-man brought in by the board to clean house.

I understand where the trepidation comes from as a great deal of my consulting and technology provider work for arts organizations involves due diligence, separating fact from fiction, interpreting spin, as well as performance review and oversight. So yes, sometimes that work results in one or two individuals "aggressively embracing career change" but far more often than not, it reinforces and clarifies exactly what works and why.

In short, it doesn't matter if you know where all the bodies are buried if you can't keep your own clients out of the ground, and I'm fortunate enough to say that for more than 15 years, I've done exactly that for groups of all budget size from Qatar to Kathmandu.

For fun, I write a daily blog about the orchestra business, provide a platform for arts insiders to speak their mind, keep track of what people in this business get paid, help write a satirical cartoon about orchestra life, hack the arts, and love a good coffee drink.

Related Posts

Leave a Comment