• GoDaddy Community
  • Managed WordPress Hosting
  • Managed WordPress Hosting

    cancel
    Showing results for 
    Search instead for 
    Did you mean: 
    Go to solution

    WordPress Admin hack attempt

    Hello Community!

     

    I contacted GoDaddy tech support about this issue. They had no clear answer. My WP website went live on 11/5/2018. Since that date, I have detected thousands of hack attempts, trying to gain access to the site/files in different ways. I get that this just happens. On 3/12/2019 though, something new happened. A WP admin login attempt (wp-login.php) occurred where my admin user name was used. My admin user name is a long string of random characters, not something anyone would guess. And what's more perplexing, the attempt came from a GoDaddy IP address. I am the only admin on the site. After this attempt, I created a new admin account, and deleted the old one. Since 3/12/2019, numerous attempts have been made to gain access to my WP site using the now deleted admin account, and many of these attempts are from GoDaddy IP addresses.

     

    Any thoughts or ideas on how this has happened? Thanks for reading this far, and a special thanks if you reply!

    2 REPLIES 2
    Highlighted

    Re: WordPress Admin hack attempt

    in the last 3 days I have had 3 sites I manage for clients have had the same thing happen!!  I cannot figure out what is going on other than somehow someone or some thing is moving freely from account to account on GoDaddys servers/databases.  I make  a definite effort to use random admin user names along with other security and somehow these user names are being figured out.  I am making calls today and sending out emails to every client, 50+ that I know if so far, that has their site hosted on GoDaddy and strongly suggesting they move hosting to avoid this. I have always had issues with GoDaddy security on shared hosting accounts but this is just crazy!  What is going on GoDaddy!?

    Super User III
    Super User III
    Solution

    Re: WordPress Admin hack attempt

    @NickInElgin 

     

    I can tell you based on my experience as both a former GoDaddy Hosting specialist and an A2 Hosting Linux Server Admin, that WordPress, if not properly secured, is super easy to break into. If they can access your database through some sort of vulnerability, they'll figure it out. 

     

    I can also tell you that this happens at every hosting company because WordPress itself is constantly plugging security holes and it's the most popular CMS in the world. That means hackers are always going to find a way to compromise sites where the owners don't perform their due diligence.

     

    The only way I've found to defeat this is to use a security suite that includes a firewall on it. It stops all that nonsense dead, for the most part. You still have to keep up your end of the maintenance. I use GoDaddy's Website Security Deluxe. I've seriously had zero issues in over two years. It is 100% worth the price if the site is important to you.



    I am a GoDaddy End User - Just Like You
    Check out my site! | I drink and I know things. Especially about websites and web hosting.
    * Please note that I offer free advice on this forum. If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

    Once your issue is resolved,
    please be sure to come back and click accept for the solution

    Get Better Support on the Community Boards!
    Etiquette When Asking for Help from the Community