If your site is hosted on GoDaddy, stop scrolling and read this article, so that you do not get angry and can respond to people who are upset.
When and how?
On the morning of the 22nd of this month, GoDaddy revealed that an unknown hacker had entered its systems and affected over 1.2 million WordPress sites.
The team at Wordfence, the well-known security plugin, tried to contact GoDaddy, but of course they did not respond.
The attacker had accessed the compromised passwords on September 6, and the company discovered it on November 17.
Imagine that the attacker spent two months moving around GoDaddy's server, back and forth, without anyone knowing anything about him! More than two months!
This is really a very long time for a hacker to have control of a large set of customer data.
Of course, following up on the vulnerability, its circumstances and its details will surely take some time and will occupy professionals in the security and cybersecurity field.
The link to its details will be posted in future articles as they appear, so that everyone is aware of the details and understands the circumstances of the case.
What is important is that the hacker gained access to users' names, their email addresses, their secret numbers, phone numbers, login details for WordPress sites, and SSL certificate keys: almost everything.
What to do to escape the security holes on GoDaddy?
OK, thank you, sir.
My WordPress site is on GoDaddy; what should I do now?
- Change all passwords for WordPress and, if you have editors and other users, force everyone to reset their password.
- Enable two-factor authentication (2FA) on your site. WordPress has a lot of plugins for it, but the best is Wordfence.
- Scan your site for malware with a security scanner.
- Check your site's file system, including wp-content/plugins and wp-content/mu-plugins, for any unexpected plugins, or plugins that do not appear in the plugins list, since an attacker can use legitimate plugins to maintain unauthorized access.
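One way to carry out the file-system check in the last step, as an added example that is not part of the original article: it lists what is actually on disk under wp-content/plugins and wp-content/mu-plugins and reports anything missing from an allowlist you maintain. The function names, the `expected` allowlist and the sample files are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# WordPress treats a PHP file as a plugin when it carries a "Plugin Name:" header.
HEADER = re.compile(rb"^[ \t/*#@]*Plugin Name:\s*(.+?)\s*$", re.M | re.I)

def plugin_name(php_file):
    """Return the Plugin Name header found in the first 8 KiB, or None."""
    with open(php_file, "rb") as fh:
        match = HEADER.search(fh.read(8192))
    return match.group(1).decode("utf-8", "replace") if match else None

def audit(wp_content, expected):
    """Return sorted (location, detail) pairs for plugins on disk not in `expected`."""
    root, findings = Path(wp_content), set()
    plugins, mu = root / "plugins", root / "mu-plugins"
    # Plugin main files sit at the top level of plugins/ or one directory down.
    for php in list(plugins.glob("*.php")) + list(plugins.glob("*/*.php")):
        slug = php.relative_to(plugins).parts[0]
        name = plugin_name(php)
        if name and slug not in expected:
            findings.add((f"plugins/{slug}", name))
    # Every top-level PHP file in mu-plugins/ is loaded automatically, header or not.
    for php in mu.glob("*.php"):
        if php.name not in expected:
            findings.add((f"mu-plugins/{php.name}", plugin_name(php) or "no header"))
    return sorted(findings)

def demo():
    """Audit a constructed wp-content tree against a hypothetical allowlist."""
    files = {  # constructed sample files, not taken from any real site
        "plugins/wordfence/wordfence.php": "<?php\n/*\nPlugin Name: Wordfence Security\n*/",
        "plugins/wordfence/lib/util.php": "<?php // library file, no header",
        "plugins/cache-helper/init.php": "<?php\n/**\n * Plugin Name: Cache Helper\n */",
        "mu-plugins/loader.php": "<?php // constructed sample with no header",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return audit(tmp, expected={"wordfence"})

if __name__ == "__main__":
    for location, detail in demo():
        print(f"UNEXPECTED {location}: {detail}")
```

On a real site, point `audit` at the site's wp-content directory and pass the folder names of the plugins you installed yourself; anything it reports deserves a closer look before you trust or delete it.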
Unfortunately, this type of hacking will have far-reaching consequences such as:
- The sale of this data to companies or individuals;
- The use of email addresses for fraud, phishing, and sending suspicious or booby-trapped messages in order to take control of your mobile devices, computer or server.
Therefore, I advise everyone to do the four points mentioned above.
There is also a free Google quiz that teaches you how to easily identify and deal with phishing scams (phishingquiz.withgoogle)