How to Recover a Website from Godaddy.com

You have probably heard or read about the massive security breach at GoDaddy.com in March 2018. This security breach was actually one of the largest in history and it affected nearly every company and individual that had an online component. Thankfully, the impact on web hosting was rather minor and it didn’t affect the majority of users. Still, the news was enough to make any website owner or operator nervous about where and how their websites are stored.

What Is The GoDaddy.com Security Breach?

GoDaddy is one of the world’s largest web hosting services and it is incredibly popular. It was initially launched in 1998 and it is headquartered in Scottsdale, Arizona. It currently has more than 72 million monthly active users and it claims to be the largest web host by far. If you go by traffic, it is also the most visited site on the entire internet. 

It is owned by the New York-based e-commerce company GoDaddy.com, Inc., which owns a vast array of different websites and services, including:

  • Hootsuite
  • SquareSpace
  • Bluehost
  • Shopify
  • PowWow
  • ConvertKit
  • Drip
  • Instagram

Most of these websites and services are either directly or indirectly related to e-commerce and online payment processing. 

The GoDaddy.com security breach was actually a huge hack that was executed by a Russian hacking group called the DarkOverlord that claimed to have gained access to more than 500 million accounts via an SQL injection vulnerability. GoDaddy identified this vulnerability in March 2018 and they subsequently fixed it. However, by that time the damage had been done. 

The DarkOverlord group reportedly sold the database of accounts that they had stolen to interested buyers for $500,000. Not only had the DarkOverlord hackers managed to gain access to 500 million accounts but they had also potentially compromised the security of those accounts, enabling them to be accessed by anyone with knowledge of the hack. 

What Is An SQL Injection Vulnerability?

SQL injection is a type of attack that occurs when a script or program that is run on a web server is improperly written such that it is vulnerable to injection attacks. When a web server is attacked via an SQL injection vulnerability, the hacker is usually able to access all of the database records that are available. The hacker can then use this access to construct a profile of the website’s users and/or to conduct various malicious tasks, such as stealing account information or disrupting the functionality of the website by inserting a large amount of data into the database.
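The difference between an improperly written query and a safe one is shown below. This is an added example, not code from the original article or from GoDaddy; the `accounts` table, the function names and the sample rows are constructed for illustration, and SQLite stands in for whatever database a real site uses.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, email TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)", [
        ("alice", "alice@example.test"),
        ("bob", "bob@example.test"),
        ("o'brien", "obrien@example.test"),
    ])
    return db

def lookup_vulnerable(db, username):
    # Improperly written: the input is pasted into the SQL text, so the
    # database parses whatever the visitor typed as part of the statement.
    query = ("SELECT username, email FROM accounts "
             "WHERE username = '" + username + "'")
    return db.execute(query).fetchall()

def lookup_parameterized(db, username):
    # Hardened: the statement text is fixed and the input is bound as a
    # value, so it can never change the structure of the query.
    query = "SELECT username, email FROM accounts WHERE username = ?"
    return db.execute(query, (username,)).fetchall()

def demo():
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing SQL syntax
    results = {
        "vulnerable_normal": lookup_vulnerable(db, "alice"),
        "vulnerable_crafted": lookup_vulnerable(db, crafted),
        "parameterized_crafted": lookup_parameterized(db, crafted),
        "parameterized_apostrophe": lookup_parameterized(db, "o'brien"),
    }
    try:
        # A legitimate name with an apostrophe also breaks the vulnerable form.
        lookup_vulnerable(db, "o'brien")
        results["vulnerable_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["vulnerable_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With the concatenated query the crafted input returns every row in the table, while the parameterized query treats the same input as an ordinary username and returns nothing.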

The Implications of the GoDaddy.com Breach

Obviously, being the owner of a major website hosting company, GoDaddy must have realized that the ramifications of the security breach would be far-reaching, potentially impacting countless users. To avoid potentially massive liability, GoDaddy quickly put into place a plan to fix the issue and they disclosed the breach in a blog post on March 14, 2018. They claimed that the hack only affected a small percentage of their customers and they assured users that their website data was safe.

Still, it is important to note that even though GoDaddy has secured the breached data, they cannot guarantee that the data has not already been compromised. This underscores the importance of regularly updating your WordPress installation with the most recent version of WordPress as well as maintaining a good antivirus program, on top of your regular backups.

How to Recover From A Website Breach

As someone who owns or operates a website, you must be wondering how to recover from a security breach. After all, if you are reading this blog post then you have already been targeted by the DarkOverlord hackers and you know that your data has most likely already been compromised. What can you do?

Hopefully, you secured your web server’s IP address with a complex combination of numbers and letters prior to the breach. If so, congratulations! You are one step ahead of everyone else. Unfortunately, this was not the case for the hundreds of millions of other websites and accounts that were affected by the breach. 

If this is the case then you need to figure out how to regain control of your website and you need to do it quickly. Luckily, there are several different ways that you can tackle this issue and regaining control of your website is actually rather simple. Here are the five most viable options that you can follow:

1. Restore From Backups

The first thing that you should do after discovering that your website has been hacked is to restore it from backups, if you are fortunate enough to have them. This may be a difficult task, depending on how long ago the backup was taken or, if the backup was done manually by someone, how comprehensive the list of restored files is. Nevertheless, you should do your best to restore your site from backups because this will limit the damage that can be done by anyone who gains access to your web server’s IP address.

2. Change Your Website’s Password

The next thing that you should do after restoring from backups is to change your website’s password. This is extremely important because, as we discussed earlier, anybody who has access to your web server’s IP address can potentially gain access to all of your website’s database records, including your username and password. Once they have this information then they have full access to your website and they can do as they please, including deleting all of the content that you or anyone else has created on your website.

3. Disable WordPress’ Default Login

The next thing that you should do is to disable WordPress’ default login. This is a particularly important step that you should undertake because, as we mentioned above, anybody who has access to your web server’s IP address can gain full control of your website, including your WordPress installation. If you use WordPress’ default login, all of your website’s content will be accessible to anybody who is logged in. In other words, anyone who has access to your web server’s IP address can potentially access all of your website’s content, even if they do not have a username or password.

4. Change Your Website’s Login Information

The next thing that you should do is to change your website’s login information. Simply put, if you use your website’s login to log in to WordPress then you should change your password and you should disable the default login. The reason for this is that, if somebody logs in using a stolen username and password, then they can gain complete access to your website’s content.

5. Change Your Website’s Permissions

The last thing that you should do is to change your website’s permissions. This is an extremely important step because, as we discussed earlier, anybody who has access to your web server’s IP address can potentially gain access to all of your website’s database records, including your username and password. If you allow “Everyone” to have read access to your website’s content, then you are essentially telling the world that your website is open for business and you are giving anybody who has access to your web server’s IP address full control over your website.
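One way to check for overly broad permissions on a Linux host, where “Everyone” corresponds to the "other" permission bits. This is an added example, not part of the original article; the function names and the list of credential file names are assumptions chosen for illustration.

```python
import os
import stat

# Assumed names of files that usually hold credentials (illustrative list).
SENSITIVE_NAMES = {"wp-config.php", ".env", ".htpasswd"}

def audit_permissions(web_root):
    """Return sorted (relative_path, issue) findings under web_root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            rel = os.path.relpath(path, web_root)
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if name in SENSITIVE_NAMES and st.st_mode & stat.S_IROTH:
                findings.append((rel, "credentials file readable by all users"))
    return sorted(findings)

def tighten(web_root, findings):
    """Remove only the permission bits that audit_permissions flagged."""
    for rel, issue in findings:
        path = os.path.join(web_root, rel)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if issue == "world-writable":
            mode &= ~stat.S_IWOTH
        else:
            # Credentials files need no access at all for "other".
            mode &= ~(stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH)
        os.chmod(path, mode)

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, issue in audit_permissions(root):
        print(f"{issue}: {rel}")
```

Run the audit before calling `tighten`, and confirm the web server's own user or group can still read the files it serves afterwards.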

As we discussed above, the DarkOverlord hackers had access to more than 500 million unique email addresses and passwords. Although this may not seem like a big number to you, keep in mind that there are more than 2.5 billion active monthly email users worldwide. Additionally, every year more than 38 million new accounts are registered on the internet. This means that more than 100 million email accounts will be created every year for the foreseeable future. This is a frightening thought and you should take this into consideration when deciding how to approach regaining control of your website.