How to change your Managed WordPress passwords after a security incident
If you know that your Managed WordPress site's login credentials have been compromised, you first need to change all your passwords. With Managed WordPress there are three credentials you need to change:
- WordPress admin login
- SSH/SFTP password
- WordPress database password
Follow these instructions to change all your passwords and review the list of additional resources, including specific resources for Colorado, Delaware, Illinois, New York, New Jersey, Oregon, and Vermont residents.
Change your WordPress admin login
- Navigate to your WordPress login page.
Note: https://[your domain]/wp-login.php
- Select Lost your password?
- Enter your username or email address into the field.
- Select Get New Password.
- Check your email for the password recovery email.
- Open the email and select the password recovery link.
- Enter your new password and select Reset Password.
Your WordPress admin login password has been updated!
Change your SSH/SFTP password
For your security, we no longer store the SSH/SFTP sign in credentials in your dashboard. You'll need to copy the new username and password and store them in a safe place after changing them.
- Go to your GoDaddy product page.
- On your My Products page, next to Managed WordPress, select Manage All.
- For the site you want to use, select Settings from the menu.
- Under Production Site, find SSH/SFTP login and then select View or Change.
- Copy the Hostname for use in your FTP app, and then select Create New Login.
- Select Create New Login again.
Note: This will delete your current SFTP username and password.
- Copy the new Username and Password for use later, and then select Close.
Your SSH/SFTP username and password have been updated!
Change your WordPress database password
We've already changed your password for you. There is no need for you to change it. If you would like to see the new password, please follow these instructions.
- Go to your GoDaddy product page.
- In your My Products page, next to Managed WordPress, select Manage All.
- For the site you want to manage, select Settings from the menu.
- Under Production Site, select Show more.
- Next to Database details, select View.
- Select the eye icon to view your WordPress database Password.
The below additional resources are being provided pursuant to applicable state laws. Please note that, to date, our investigation has not revealed any evidence that the unauthorized third party had access to credit card information, or any other financial information.
Helpful Contacts: You can learn more about how to protect your credit by contacting the Federal Trade Commission (FTC) or your state's Attorney General to obtain information including about how to avoid identity theft, place a fraud alert, and place a security freeze on your credit report.
- Federal Trade Commission, Consumer Response Center 600 Pennsylvania Avenue, NW, Washington, D.C. 20580, 1-877-IDTHEFT (438-5338), www.ftc.gov/idtheft
Order Your Free Credit Report. To obtain an annual free copy of your credit reports, visit annualcreditreport.com, call toll-free at 1-877-322-8228, or contact the major credit reporting agencies. Their contact information is as follows:
P.O. Box 740241
Atlanta, GA 30374
P.O. Box 2002
Allen, TX 75013
P.O. Box 1000
Chester, PA 19016
Fraud Alert: You may place a fraud alert in your file by contacting one of the three nationwide credit reporting agencies listed above. A fraud alert tells creditors to follow certain procedures, including contacting you before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you but also may delay you when you seek to obtain credit.
Security Freeze. You have the ability to place a security freeze on your credit report at no charge. A security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent but may delay your ability to obtain credit. To place a security freeze, you must contact each of the three credit bureaus listed above and may be required to provide your full name; SSN; date of birth; the addresses where you have lived over the past five years; proof of current address, such as a utility bill or telephone bill; a copy of a government issued identification card; and if you are the victim of identity theft, the police report, investigative report, or complaint to a law enforcement agency.
Fraud or Identity Theft. If you suspect incidents of identity theft, you should file a report to law enforcement, the FTC, or the Attorney General. If you are the victim of fraud or identity, you have the right to (1) notify the police and Attorney General of your state; and (2) to obtain and file a police report relating to this incident.
Additional Information: You have the right to obtain any police report filed in regard to this incident. If you are the victim of fraud or identity theft, you also have the right to file a police report.
- For Colorado, Delaware, and Illinois residents: You may obtain information from the federal trade commission and the credit reporting agencies about fraud alerts and security freezes.
- For Oregon residents: You are advised to report any suspected identity theft to law enforcement, including the Federal Trade Commission and the Oregon Attorney General. For more information on security freezes, you can visit the website for the Oregon Department of Consumer and Business Services at www.dfcs.oregon.gov/id_theft.html and click on “How to Obtain a Security Freeze.”
- For New York residents: You may contact the New York Office of the Attorney General at: The Capitol, Albany, NY 12224-0341, http://www.ag.ny.gov/home.html, 1-800-771-7755, and the New York Department of State Division of Consumer Protection at: 99 Washington Avenue, Albany, New York 12231-0001, http://www.dos.ny.gov/consumerprotection, 1-800-697-1220.
- For New Jersey and Vermont residents: You may obtain one or more (depending on the state) additional copies of your credit report, free of charge. You must contact each of the credit bureaus directly to obtain such additional report(s).