Lock down a compromised GoDaddy account
If your GoDaddy account's security is compromised, you should change all of your information in it to prevent others from regaining access.
Change your passwords and identifiers
To ensure no one else can contact us on your behalf, we urge you to change the information we use to validate your identity.
- Change your account password.
- Change the password for any email addresses (such as with Microsoft 365) associated with your account.
- Change the PIN you must use when you call Support.
- You should also consider enabling two-factor authentication for account information changes.
Change your payment methods
- Change the payment methods you use for products in your account.
- Delete payment methods you no longer use for your products.
Remove delegate access
- Remove delegate access for anyone you've invited to access your account.
Remove unknown API Keys
- Visit developer.godaddy.com and select API Keys to see a list of API Keys associated with your account. To delete an unfamiliar API Key, select the trashcan icon, then Delete: Delete this key. Select Delete to confirm.
Verify your domain contact information
- Make sure that your domain's contact information is up-to-date to prevent transfer of ownership.
Change login information for other products
You should change all logins to prevent anyone from accessing your products:
- Email: Change your Microsoft 365 email password to prevent others from logging in to your email.
- Hosting: Change the FTP password for your Linux (cPanel) or Windows (Plesk) hosting plan.
Remotely log out of my GoDaddy account
Remotely sign out of your GoDaddy account if you think your account might be compromised. This will sign your account out of all devices and browsers.
