Increase in hacked GoDaddy WordPress websites



It has been reported that there has been a massive increase in hacked websites on GoDaddy’s managed WordPress platform.

If your site is hosted on GoDaddy’s Managed WordPress platform, including MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe Managed WordPress sites, you may have been subjected to a backdoor attack.

Exactly how this backdoor has been added to sites is unknown, but GoDaddy have admitted that their servers were compromised a while ago, so perhaps the backdoors were planted then.

Once a backdoor is in place, a command and control domain can then plant malware. In this case it seems the attack compromises sites’ genuine SEO output. This can be particularly damaging to the businesses impacted.

It is easy to check: the compromise is visible in your wp-config.php, where you will see unexpected encoded data. Alternatively, you can run a scan with your preferred security software.
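One way to look for unexpected encoded data in wp-config.php, as an added example that is not from the original post or from WordFence. The patterns are generic assumptions about what obfuscated PHP looks like, not indicators published for this campaign, and the sample config is constructed.

```python
import base64
import re
import sys

# Heuristics are assumptions, not indicators published for this campaign.
DECODER_CALL = re.compile(
    r"\b(eval|assert|base64_decode|gzinflate|gzuncompress|str_rot13|create_function)\s*\(",
    re.IGNORECASE)
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")
HEX_ESCAPES = re.compile(r"(?:\\x[0-9A-Fa-f]{2}){8,}")
MAX_LINE = 500  # a stock wp-config.php has no lines near this length


def scan_config(text):
    """Return (line_number, reason) pairs for lines that merit manual review."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = DECODER_CALL.search(line)
        if match:
            findings.append((number, f"call to {match.group(1).lower()}()"))
        if BASE64_RUN.search(line):
            findings.append((number, "long base64-like string"))
        if HEX_ESCAPES.search(line):
            findings.append((number, "run of \\x hex escapes"))
        if len(line) > MAX_LINE:
            findings.append((number, f"line longer than {MAX_LINE} characters"))
    return findings


# Constructed samples: a clean fragment, and the same with a harmless encoded blob.
CLEAN = """<?php
define( 'DB_NAME', 'example_db' );
define( 'AUTH_KEY', 'k#9!Zp@e4^T&u(1)xQ~w+L/m=R?b{2}V' );
$table_prefix = 'wp_';
require_once ABSPATH . 'wp-settings.php';
"""
BLOB = base64.b64encode(b"constructed sample, not real malware " * 4).decode()
TAMPERED = CLEAN.replace("$table_prefix", f'eval(base64_decode("{BLOB}"));\n$table_prefix')

if __name__ == "__main__":
    # With no argument, scan the constructed sample; otherwise scan the given file.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            source = handle.read()
    else:
        source = TAMPERED
    for number, reason in scan_config(source):
        print(f"line {number}: {reason}")
```

A clean result from these heuristics does not prove the file is untouched, so compare it against a known-good copy as well.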

If you do find your site has been compromised, don’t panic; follow the standard recovery processes. Note that simply recovering from backup is not enough, as a backdoor could have been in place since some time ago and can be re-opened.

WordPress.org have some advice about recovering from a hack here: https://wordpress.org/support/article/faq-my-site-was-hacked/

The original notification of this particular issue was published by WordFence on 15th March 2022; see https://www.wordfence.com/blog/2022/03/increase-in-malware-sightings-on-godaddy-managed-hosting/ for details.

