Free: Assessment Does your website build trust with buyers and bring in revenue?

Score My Website

Free: Assessment

Does your website build trust with buyers and bring in revenue?
Take this free 6 question assessment and learn how your website can start living up to its potential.
Score My Website

Free: Assessment

GoDaddy vs. WP Engine: How they compare when your website gets hacked

By Daniel Escardo

GoDaddy vs. WP Engine: How they compare when your website gets hacked

Owning and operating a website has intrinsic risks associated that no one can shirk. Probably the most notable is the risk of being hacked. 

It’s an unfortunate fact of life just like owning a home has associated risks — fire, theft, water damage, sinkhole... you get the idea — it’s the same with owning a website.

With this in mind, one thing many businesses overlook when shopping for a web host is evaluating the type of support you can get when your website gets hacked, but it might save the day when you least expect it.

Many platforms and hosting companies claim to be more secure than their competitors, but anything connected to the internet is vulnerable. 

Choosing the right partner that will protect your site and your customers as much as possible, then quickly move to help get you back up and running is really the best you can do.

I’ve personally dealt with quite a few web hosts over the years, but no two more than GoDaddy and WP Engine. These two, for many reasons, are my go-to web hosts, depending on the client, their hosting needs, and budget.

Let’s see how they stack up when looking at their support in getting a hacked site back online.

What should you look for from support if you’re hacked?

Picture this: you wake up and there are 35 text messages and 13 missed phone calls waiting for you. You nervously call into work. Your site has been hacked. 

It started out subtle at first, some weird links started showing up on pages here and there, then customers started calling to say that they submitted a form on your site and were redirected to an online casino. Now none of your site administrators can access the site. 

Oh yeah, it’s hacked.

This nightmare scenario happens from time to time, and it’s in choosing the right hosting partner that the anxiety associated with the subject can be eased. 

When you've been hacked, at first you might not know where to turn or exactly what you need to do first.

Well, I’m here to tell you that all you really need is someone that will make it easy to reach out for their help, will respond quickly, assume some responsibility, and help get you back up and running. That’s it.

These simple assurances help me sleep better at night — especially as our WordPress client base grows here at IMPACT — so let’s compare the two platforms based on these criteria.

Contacting support via chat

Chat is my preferred method of communication with support. It saves me time and allows me to work while they work in the background to solve the problem.

Both chat support experiences are commensurate and both do provide some immediate information.

GoDaddy’s chat starts off as just a bot; an automated response software which feels geared towards providing a way for customers to self-diagnose and self-support without immediate access to a human being.

Once you’ve self-categorized and gotten past all the prompts seemingly designed to make you go away, you do eventually end up chatting with a human being, but the communication feels disjointed at best — and downright frustrating at worst.

In some cases you’ll get canned responses, which are definitely polite but not especially helpful. In other cases, you’ll wait a long time, sometimes as much as 5-7 minutes for a response (which feel like an eternity) only to realize they’ve completely misunderstood your question.

I’ve had a few cases where I know they’ve suggested I do something that would have zero bearing on the issue I’ve described.

WP Engine, however, actually had another person in the chat that was able to intelligently respond with pertinent questions and information that helped get me back online quickly and efficiently with virtually zero hold time. It was an actual personalized conversation.

In the aftermath of a hacking, human connection and efficiency win the day.

Winner: WP Engine

Contacting support by phone

While GoDaddy’s call-in experience is a bit more fun, with some casual and humorous language designed to keep me entertained as I navigate through their phone prompts, I found that both providers had very knowledgeable support staff that were able to quickly provide next steps I should follow.

At GoDaddy, my personal experience with requesting support has mostly been limited to shared hosting, so I can’t compare apples to apples, but their support staff have always been able to diagnose the issue, disable infected files, and recover them where possible to get the site back online.

I’ve had to call GoDaddy more often since their chat option almost always leads to frustration for me. For this reason I do have quite a bit more experience with them on the phone.

WP Engine’s support staff, however, will usually recommend a restoration from the “last good backup” — typically recommending you use the backup generated at least one day before. This is to ensure that you don’t inadvertently restore a backup that still contains the hacked code.

I agree with this being the best approach. Then, once the site is restored, they’ll typically recommend you go through and update everything to the latest available version — in other words, the site’s core WordPress installation and all pending plugin updates.

All that said, both hosting providers have friendly and experienced staff and I honestly can’t complain with any of my experiences at either one, but I’d say GoDaddy has the upper edge here. Their hold times have been shorter, in my experience, and their phone support just feels more robust overall. 

Winner: GoDaddy

How quickly can we get back online?

I’ve asked this question many times over the years and the answer is always the same: “Don’t worry, we’re working fast to get you back up and running as quickly as possible.” 

The thing is, that usually means back up and running in the current, potentially still-hacked state. 

If the website's hacker has used self-propagating code, it’s very difficult to eradicate. Removing one file can sometimes trigger ten new files to be created.

The best way to ensure you get back to a clean version of your site is by using a backup you know, to the best of your knowledge, is clean.

WP Engine has one-click backup restore, which I’ve used quite a few times and works very well. 

The process is painless and is a game changer when it comes to sleeping well at night. Having that backup service run every day is a security blanket you don’t know you need until you need it.

GoDaddy offers backup services included in their Managed WordPress hosting plan or for an additional fee on their shared hosting plans.

Using it is also one-click, and I’ve never had any issues with it.

This round is a tie, folks.

Winner: Tie

So, which do I recommend?

If you run a WordPress website and you have a little bit extra every month in your budget (I’m talking about $10 more), then I’d recommend going with WP Engine.

The services they offer and the way they’ve executed them, in my opinion, are superior when it comes to security and continuity. Overall they’re a better value.

That said, GoDaddy does have a comparable offering in its Managed WordPress space. 

For only $20 per month you get, essentially, the same services as WP Engine (Managed WordPress Hosting, backup, SSL, CDN, etc.) but to me it’s a bit harder to engage with GoDaddy if you ever need support.

If you don’t run a WordPress Website, then GoDaddy is your only option here. Any one of their plans can be augmented with a backup service for your peace of mind.

But the real trick is avoiding hacking altogether

Hopefully, you’ll never have to deal with any of this. Here are steps you can take right now to minimize the risk of being hacked.

We’ve covered some ways to secure your website before, and it’s always important to follow the usual best practices — like enforcing the use of strong passwords, keeping your software up-to-date, and generally being smart about your overall security practices — but here are some other ways you can minimize your risk.

If I could suggest just two steps that you could take right now that would accomplish 80% of the risk mitigation, it’d be the following:

1. For WordPress’ stand-alone content management system: Use a Managed WordPress hosting plan.

This is moot for WP Engine because they only offer Managed WordPress hosting, but for those stand-alone CMS users on GoDaddy, it’s better to allow them to handle security, backups, etc. for you by taking advantage of their WordPress hosting plan.

They’re typically only a tiny fraction more of your budget compared to their shared hosting, but well worth the investment.

2. Be ready to restore at a moment’s notice.

No site is free of vulnerabilities no matter what is advertised. The most important thing to keep in mind is continuity. To ensure seamless continuity for your brand and for your customers, you’ll need a robust and super easy to use backup and restoration process.

That’s it!

Additional resources:

WP Engine: So your site got hacked 

GoDaddy: My site got hacked. What should I do?

Oh and by the way, you don’t need to worry about this at all if you’re using a SaaS hosting provider.

When you rent your home, all the risks that come with it are assumed by the landlord and you pay a monthly fee (i.e. rent) that includes enough monetary value to assume all the associated risks and maintenance.

It’s the same with SaaS (software as a service) platforms like HubSpot, Wix, Squarespace or (not to be confused with, which is the stand-alone version of WordPress). 

Typically, the parts of these softwares that power the overall browsing experience is shared among all their clients. This ensures the utmost attention and prevention possible since one breach would affect so many customers. 

A hacking scenario is exceedingly rare because there are people working behind the scenes at all times to avoid it completely.

Usually a SaaS hosting company like HubSpot, for example, will cost a little more money, but that fee includes the assumption of responsibility that your site will always be working smoothly so you can focus on what you do best — delighting your customers. 

Depending on your budget and software needs, this might be an alternative and attractive option.

Free: Assessment

Does your website build trust with buyers and bring in revenue?
Take this free 6 question assessment and learn how your website can start living up to its potential.


Web Design
Data Security
Published on July 2, 2020

Recent Articles

Website Conversions in 2023 — STOP, START, KEEP
January 25, 2023 • 5 min read
How Much Does a Website Design or Redesign Cost in 2023?
November 21, 2022 • 9 min read
8 of the Best Business Website Designs to Inspire You in 2023
November 17, 2022 • 7 min read
Take It From an Expert: You Probably Don’t Need a New Website
November 16, 2022 • 4 min read
What Does a Great Inbound Marketing Website Look Like in 2023?
November 14, 2022 • 12 min read
Your 2023 Website Strategy Must Include These 6 Things
November 4, 2022 • 9 min read
4 Ways To Recession-proof Your Website In 2023
November 1, 2022 • 5 min read
8 Best Content Management Systems for Digital Marketing in 2023
October 1, 2022 • 9 min read
12 Essential Tips for Improving Your Web Design in 2023
September 13, 2022 • 16 min read
What Is a Learning Center and Why Does My Website Need One?
July 28, 2022 • 6 min read
23 of the Best Examples of Business Blog Design
May 30, 2022 • 13 min read
5 Prep Secrets for a Smoother, More Successful Website Project Plan (+ Infographic)
May 16, 2022 • 8 min read
Website Redesign Checklist: The 12 Crucial Steps You Need To Be Successful
February 22, 2022 • 17 min read
11 Pricing Page Examples for Business Websites (Updated for 2023)
January 18, 2022 • 10 min read
8 Crucial Elements Every Homepage Design Should Have [+Video]
January 15, 2022 • 6 min read
What Makes a Good Website Design? 7 Award-Winning Examples To Be Inspired By
December 18, 2021 • 9 min read
7 Self-Service Tools on Business Websites to be Inspired By
September 29, 2021 • 7 min read
Google Shares New Tools to Audit Website User Experience
August 12, 2021 • 3 min read
New HubSpot CMS Hub Starter Tier Released for Growing Businesses
August 6, 2021 • 4 min read
Too many internal links in content can confuse Google about site structure
July 9, 2021 • 5 min read
Google July 2021 core update rolling out over next 2 weeks
July 2, 2021 • 4 min read
6 tips for building a great diversity and inclusion page (+examples)
June 29, 2021 • 7 min read
Google punts third-party cookie ban to 2023 for 'responsible planning'
June 25, 2021 • 6 min read
8 types of website performance metrics you should look at on a monthly basis
June 24, 2021 • 11 min read
Finally, Google page experience core update is rolling out
June 18, 2021 • 3 min read