Recently, GoDaddy announced that 1.2 million of their WordPress customers had been affected by unauthorized access. This breach was a result of GoDaddy’s use of plaintext passwords. This number does not include the many customers whose websites have been affected by the breach.
The breach officially occurred in early September but was not identified until November 17th. GoDaddy responded quickly and took action to control and lessen the damage. However, it is believed that this data breach will have far-reaching consequences and that anyone who uses GoDaddy’s Managed WordPress arrangement should assume their site was affected until they hear otherwise.
So, what exactly happened?
It has been determined that the breach was due to a common practice of GoDaddy storing sFTP (secure protocol for file access, file transfer, and file management on a server) credentials as either plaintext or in a format that could be easily converted into plaintext. This made it rather easy for a hacker to gain access. For the record, the industry best practice for storing this information is to store salted hashes of the passwords or to provide public key authentication.
How Do You Know if Your Website Has Been Breached?
While your website might not make tech news if it is breached, that doesn’t make being hacked any less of a threat. In fact, over 30,000 websites are hacked every day! So, how can you tell if your site has been hacked? While you can certainly run a scan of your website using a tool such as MalCare, SUCURI, UpGuard, or other website security tools to locate a breach, simply paying attention to the goings-on of your site can help, too.
In your website vigilance, there are several symptoms to watch for, but the list is not exhaustive, especially since hackers are always finding new ways to wreak havoc for website owners.
Spammy Site Redirects
Perhaps the most obvious sign of a hacked site is when your website URL takes you to a malicious domain. These sites have evolved to be increasingly slick, often making it look like your site is working fine. This form of a breach is one of the craftiest tricks used by hackers.
If one of your site guests is notified by Google Chrome, or any other browser, that your site is not safe, chances are strong that your website has been compromised. The red popup box may say there was a phishing attack, the site has malware on it, or perhaps another message indicating that you have a problem. If you have Google Search Console set up on your site, then this will provide any alerts so you can address issues sooner rather than later.
As mentioned above, site guests may be notified of a hack when they try to access your website. Hopefully, should this happen, they will let you know immediately so you can make changes. If a customer notifies you of a breach, be sure to let them know that the necessary actions are being taken. Then, take your site offline to correct the breach and minimize risk to anyone else.
Sometimes, a hack is discovered because there are email replies with a history or source that you did not use or perhaps never even sent or wrote. A hack might also be evident via social media, text messages, or emails with undisclosed information or photographs.
If you start getting emails/calls from your clients saying their credit cards have been hacked on your website, this can be a good indicator you have a security breach.
If your website becomes unusually slow or inaccessible, 503 error messages occur, or you get server overload warnings from your provider, it could be a symptom of a site breach.
Action Items if Your Website Has Been Hacked
If you are concerned that your website might have been affected by this breach, or perhaps you just want to be proactive, then there are some steps you can take.
- Change all your WordPress passwords. If possible, require your WP users or customers to do so as well.
- Change any re-used passwords and encourage your customers or users to do so, as well.
- Enable 2-factor authentication whenever possible. A good tool for setting this up is Wordfence.
- Scan your site for malware.
- Review your site for any unauthorized administrator accounts.
- Check your site’s filesystem for any unexpected plugins, or plugins that are not listed in the plugin menu.
- Watch for any suspicious emails.
- If you are running an e-commerce site or a site that stores PII (personally identifiable information), and you are notified by GoDaddy that your site has been breached, then you may be required to notify your customers of the breach. This requirement may vary depending on your jurisdiction, so be sure to follow those requirements.
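The administrator-account and plugin checks from the list above can be scripted. The following is an added example, not part of the original article: it flags administrator logins that are unapproved or were registered after a chosen date, and plugin entries on disk that are missing from the list you copied out of the plugin menu. The function names, the sample data and the 2021-09-01 window start are assumptions; the JSON is assumed to come from WP-CLI's `wp user list --role=administrator --format=json`.

```python
import json
import tempfile
from datetime import datetime
from pathlib import Path

# Constructed sample of `wp user list --role=administrator --format=json` output.
SAMPLE_ADMINS = json.dumps([
    {"user_login": "owner", "user_registered": "2019-03-02 10:15:00"},
    {"user_login": "wp_support1", "user_registered": "2021-10-04 02:41:17"},
])

def admins_to_review(wp_user_json, approved, window_start):
    """Admin logins that are not approved or were registered on/after window_start."""
    flagged = []
    for user in json.loads(wp_user_json):
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if user["user_login"] not in approved or registered >= window_start:
            flagged.append(user["user_login"])
    return sorted(flagged)

def unlisted_plugins(wp_content, listed):
    """Entries on disk under plugins/ and mu-plugins/ whose slug is not in `listed`."""
    found = []
    for sub in ("plugins", "mu-plugins"):
        folder = Path(wp_content) / sub
        if not folder.is_dir():
            continue
        for entry in folder.iterdir():
            # A plugin is a directory or a single .php file; index.php is the stock stub.
            is_plugin = entry.is_dir() or (entry.suffix == ".php" and entry.name != "index.php")
            slug = entry.name if entry.is_dir() else entry.stem
            if is_plugin and slug not in listed:
                found.append(f"{sub}/{entry.name}")
    return sorted(found)

def make_sample_site():
    """Build a constructed wp-content tree in a temp directory for the demo."""
    root = Path(tempfile.mkdtemp()) / "wp-content"
    (root / "plugins" / "contact-form").mkdir(parents=True)
    (root / "plugins" / "index.php").write_text("<?php // Silence is golden.")
    (root / "plugins" / "cache-helper.php").write_text("<?php // constructed placeholder")
    (root / "mu-plugins").mkdir()
    (root / "mu-plugins" / "loader.php").write_text("<?php // constructed placeholder")
    return root

if __name__ == "__main__":
    # Window start is an assumed date; set it to the exposure window that applies to you.
    print(admins_to_review(SAMPLE_ADMINS, {"owner"}, datetime(2021, 9, 1)))
    print(unlisted_plugins(make_sample_site(), {"contact-form"}))
```

Anything either function returns is a prompt for manual review, not proof of compromise: a flagged account or file may be one you added yourself and forgot to put on the approved list.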
By following these steps, you can minimize the risk of a future hack, thus protecting yourself and your clientele. This is just one more way to establish trust between you and your site guests. And, from any perspective, personal or business, building trust is always a good thing!
Still have questions regarding your website’s security? Don’t panic! The Page Progressive team knows what to do and what to look for to protect your website. We can review your website for any concerns and determine if there are steps that need to be taken. Be sure to reach out to us!