GoDaddy Fails Crisis Communications Test

Posted: April 27th, 2010 | By: Steve Mullen | Filed under: PR Opinion | 9 Comments

I’m a huge fan of WordPress for building web sites. I’m also a fan of GoDaddy, although I know many people don’t share my opinion. If you haven’t heard, WordPress and GoDaddy are very much in the tech news these last couple of days after a massive weekend hack attack that infected untold numbers of WordPress-based sites that are hosted on GoDaddy.

To read more about what happened, check out the coverage on the WPSecurityLock.com blog.

This hack hit me particularly hard, affecting five client sites — three that were live and two more that were being built. Fixing the problem was time-consuming but not terribly difficult once I figured out the problem. I’m not writing this post to compete with other coverage of what happened or how it happened. What interests me from a PR perspective is GoDaddy’s response to this attack. Here’s the statement from them that has been posted in many places:

Measures are in place to protect the overall security of the shared hosting server on which your website resides. The compromise of your account is outside of the scope of security that we provide for you. Virus scans are performed on the content that is hosted, but they may not pick up everything, largely due to the fact that hackers tend to upload custom scripts which are not picked up by traditional malware scanners. However, if a virus is detected, you will be notified. The overall security of your password and the content within your account is your responsibility, as password compromises and compromises due to scripting can only be prevented by you.

>>Continue reading…