How to change ALL your Go Daddy passwords & more

Broadband Expert wrote about the hacked Go Daddy web sites.  What is frightening is the Go Daddy security does not know how the hackers obtained the usernames and passwords.

Even more frightening is that they really don’t know if any additional accounts were accessed which could leave them vulnerable to credit card theft, although that information has probably been sold or shared by now.

I recommend changing all your passwords in Go Daddy right now.

Before you log into your account, run a good antivirus scan on your computer and be sure to have it check ALL files.  Next, run a good malware program to make sure that there are no key loggers hiding on you system or else they will have your new passwords shortly after you change them.

One more thing: get a sheet of paper and a pen.  Write at the top of the page Go Daddy Settings and write down all the changes you make.  Do not use a file on your computer to store this information.

If you have a pad of paper, tear a sheet off and place it on the table.  Yes, someone can retrieve the information you write on a pad up to several sheets down.

Next read my advice article on passwords: 1$ y0ur p@$$w0rd pr0t3ct3d @cc0unt r3@lly s3cur3 fr0m pry1ng 3y3$?.

So now you can log into your Go Daddy account and we will change all of our passwords and important settings.

As soon as you log in you will see a green bar across the screen underneath the Go Daddy logo that reads “Domains, Hosting, Email…” with a My Account button in black.  The “My Account” in white letters changes to a nice orange color when you place your mouse over it; looks good for Halloween.  Click on the button and not the drop-down arrow to the right of that.

Ignore all the account management stuff to the left of the screen.  Underneath your name you will see your customer account number.  Write down this number on your paper and make sure you label it Account Number.

Underneath that, you will see a link Update Security Settings.  Click on that link.

Look to the right-hand side of the new screen and you will see an Account Security Information box.  This is the first area to attack.

If you are using a separate email account for only your Go Daddy account information, I recommend discarding that one and getting another one.  Use any of the free accounts available, but do not use a Go Daddy email address for this one.  If your Go Daddy account is broken you will not be able to get important Go Daddy information like they were unsuccessful in charging your credit card and are shutting down your account.

The login name really isn’t that important since you can also log in with your Go Daddy Account Number, which you cannot change, and if your account has been hacked, the hackers will have your account number.  If it makes you feel better, change it.

If the “Card on File” box is checked, uncheck it.  Yes, it makes it easy for you to make purchases without having to enter your card information, but is also makes it easy for a hacker to make purchases using your credit card.

Next, change your password.  You will need a very strong password.

Review Go Daddy’s password requirements by hovering your mouse over the “Password Requirements” link.  If you have not already read 1$ y0ur p@$$w0rd pr0t3ct3d @cc0unt r3@lly s3cur3 fr0m pry1ng 3y3$?, read it now on strong passwords.

To change your password, enter your current password and then your new password.  Then confirm your new password.

Go Daddy requires a Password Hint.  Enter something here, but do not enter anything that remotely references a hint.  If you can’t think of anything just enter “I do not like hints” and that should satisfy Go Daddy.

Next, enter a new Call-in Pin.  Read Go Daddy’s recommendations on a PIN selection.  In addition to that DO NOT spell out your dog’s name or other name in your life.

Make sure you have written down all the information on that sheet of paper.  Then click the green Save Changes button.

We are not finished yet.  There is a lot more to change.

Look at the center of the page and you will see an AccountExec link.  Click on the link even if you have not assigned any account execs.

If you have not assigned any account execs and you see some listed, click on them and click the red Revoke button.

After you are finished all the changes in this article, call Go Daddy Support (480-505-8877) and report to them you found someone had hacked into your account and created AcountExecs without your permission.

If you have created AccountExecs, call them up and have them exit Go Daddy if they are in it.  Tell them out of the recent security concerns you are going to revoke their permissions.

Send them the link to this article and when they have changed their Go Daddy account, add them back as AccountExecs.  It’s a good way to make sure your account stays secure and your web sites and databases are safe.

 

On the left-hand side of the page find “Hosting” under My Products and click on it.

Under the My Products on the new page you will see a Launch button for each domain you have registered.  You will do the following for every domain.  Click on the blue Launch button to bring up the Control Center.

Underneath the Domain name you will see the FTP box.  Change the admin password and the passwords for any other users you may have.  Make sure you write down the information because you will need this in the future.

You say you do not have any databases?  If you set up a blog on your Go Daddy account you definitely have a database or even multiple databases.  It’s now time to make them secure if someone gained your database username(s) and password(s).

WARNING: As soon as you change the password for a database you will have to change the password reference is all programs that access that database.  The instructions I give here are for WordPress.  If you do not know where the settings in the third-party programs are located, do not perform these steps until you find out.  Your application will be broken.

Scroll down until you see the Databases bar and click on the arrow to expand the section.  Click on MySQL or whatever database you have installed.  Don’t bother clicking on the Easy Database, as this a product Go Daddy is trying to sell you.

You will now see a list of all your databases.  If you don’t see any databases listed you are finished with this domain.

Click on the pencil icon.

You will see a screen with the MySQL Database Information.  Click on the Password icon at the top.

 

 

Enter the new password and click ok.

You will go back to the preceding page.  Click on Home tab.

You will now need to change the password reference in your application(s) that use this database.  Here are the instructions for changing the reference in the WordPress installation.

Click on the large FTP*File Manager icon in the upper left of the Hosting Dashboard.

 

You will now be at the FTP File Manager.  Browse down and find the file

Wp-config.php – click the check box.

Click on the Edit icon on the top of the page.  A text edit window will open up.  Find the following statements in the Wp-config.php file:

/** MySQL database password */

define(‘DB_PASSWORD’, ’0123456789′);

Change the password reference (0123456789 is the password shown here for your reference) and make sure you keep all the other punctuation intact.  If one of those apostrophes are missing you will break the WordPress access.

Double-check the password and then click the save icon that looks like a tiny blue 3-1/2” floppy.

After you perform these same steps with all of your databases, go on to the next domain name you have and change the other passwords.

You should now feel better knowing your web sites and data are safe.  Do you think Danica Patrick changed her Go Daddy account password?