Linked: Over 1 million GoDaddy WordPress accounts breached
This is not great, but really it’s just another day in breach-land, isn’t it?
The popular web hosting company said up to 1.2 million active and inactive Managed WordPress customers had their email address and customer numbers exposed.
GoDaddy customers were also notified that the original WordPress admin password that was set at the time of provision was exposed. If those credentials were still in use, GoDaddy reset the passwords. GoDaddy also reset the passwords for active customers who had their sFTP and database user names and passwords exposed.
The breach of the WordPress credentials is bad, as is the sFTP credentials. Sure, if you are still using the same WordPress password that GoDaddy assigned to you when you started the account, you really need to step up your game.
WordPress is an inviting target, because getting admin access to a WordPress install, or really any other content management system, makes it super easy to lock out the original owner and inject anything you want into the site. Want a place to spread malware in drive-by injections? Nothing like an already existing, and maybe even trusted, WordPress site, eh?
This is why if you want to go crazy and start a blog, by all means, go for it, but stop to learn a thing or two about security first. Consider some of the easiest ways WordPress gets hacked that don’t require a lot of technical knowledge to avoid.
Things like:
- Don’t use the default “admin” account. Disable it completely.
- Use a plugin that can redirect the login page to something other than the default page.
- Use a two-factor authentication plugin. (Q. for WordPress, why isn’t this part of the core build?)
- Use a quality security plugin like WPBruiser, to lock down other areas of the admin, and to provide information about hack attempts.
- Keep an eye on your site, and the content.
- Keep up with your updates.
- Also, keep an eye on any sFTP accounts for ways to keep those secure. Changing passwords regularly, unique passwords and usernames, etc.
The easiest way to lose a site, and potentially be part of an even much larger problem after that happens, is to allow your WordPress credentials to get compromised. Sadly, if your hosting provider or WP manager has a breach that may still happen, but having some other tools in place is the best way to mitigate that risk.
If you’re going to take part on this vast web that we’ve got going on here beyond social media, make sure you play your part when it comes to staying secure too.
https://www.scmagazine.com/news/breach/over-1-million-godaddy-wordpress-accounts-breached
