
GoDaddy's reputation has been marred by numerous lawsuits and allegations over the years.
The company has faced several class-action lawsuits, including one in 2013 where it was accused of misleading customers about its domain name registration services.
Customers have also taken to social media to express their dissatisfaction with GoDaddy's services, citing issues with domain name transfers and customer support.
GoDaddy has also been accused of engaging in deceptive business practices, including charging customers for services they didn't order.
On a similar theme: Godaddy Domain Name and Github Pages Custom Domain Setup
Lawsuits and Controversies
GoDaddy has been involved in several high-profile lawsuits and controversies over the years.
In 2002, GoDaddy sued VeriSign for domain slamming, and again in 2003 over its Site Finder service. VeriSign shut down Site Finder after receiving a letter from ICANN ordering it to comply with a request to disable the service.
GoDaddy was also sued by Web.com in 2006 for patent infringement.
The FTC has alleged that GoDaddy's data security program was inadequate for a company of its size and complexity. Specifically, they pointed out the following security failures:
- Failure to inventory and manage assets;
- Inadequate management of software updates;
- Insufficient risk assessments;
- Lack of adequate logging of security-related events;
- Failure to monitor for security threats;
- Not using file integrity monitoring;
- Reliance on username/password authentication;
- Failure to implement multi-factor authentication;
- Inadequate segmentation of its shared hosting environment;
- Failure to secure connections to services.
Verisign Lawsuit

GoDaddy sued VeriSign in 2002 for domain slamming.
VeriSign's Site Finder service was the focal point of another lawsuit in 2003, which caused controversy over its role as the sole maintainer of the .com and .net top-level domains.
GoDaddy's lawsuit led to VeriSign shutting down Site Finder after receiving a letter from ICANN ordering it to comply.
In 2006, GoDaddy was on the receiving end of a lawsuit, this time from Web.com, for patent infringement.
Ftc Allegations
GoDaddy has been marketing itself as a secure hosting provider since at least 2015, but the FTC alleges that its data security program was inadequate for a company of its size and complexity.
The FTC's complaint lists a variety of security failures by GoDaddy, including failure to inventory and manage assets.
GoDaddy's management of software updates was also inadequate, with the company not tracking whether operating systems and software were up to date on security patches and not retiring end-of-life systems.
If this caught your attention, see: Godaddy Domain Forwarding Not Working with Https

Insufficient risk assessments were another issue, with the company failing to consider the sensitivity of information in the shared hosting environment.
GoDaddy also lacked adequate logging of security-related events, making it difficult to detect and respond to potential security threats.
The company failed to monitor for security threats, including not fully implementing a security incident and event manager (SIEM) to detect suspicious activity.
GoDaddy did not use file integrity monitoring, which helps detect unauthorized changes to files and data.
The company relied on username/password authentication for employee access instead of more secure alternatives like SSH certificates.
GoDaddy failed to implement multi-factor authentication (MFA) for employee logins and did not offer it to customers.
Inadequate segmentation of its shared hosting environment from less secure networks was another issue.
GoDaddy failed to secure connections to services, such as APIs that provide access to consumer data.
Here are some of the specific security failures listed by the FTC:
- Failure to inventory and manage assets;
- Inadequate management of software updates;
- Insufficient risk assessments;
- Lack of adequate logging of security-related events;
- Failure to monitor for security threats;
- Not using file integrity monitoring;
- Reliance on username/password authentication for employee access;
- Failure to implement multi-factor authentication (MFA) for employee logins and customer logins;
- Inadequate segmentation of its shared hosting environment;
- Failure to secure connections to services.
Customer Service Horror Stories
Customer Service Horror Stories abound, with one developer sharing a nightmare experience with GoDaddy.
GoDaddy's customer service has been known to release personal information of customers who report spamming, as seen in the case of Jamie Bernstein.
GoDaddy bought their way into a 'male allies' panel at The Grace Hopper Celebration of Women in Computing, a conference supposedly by, for and about women.
This move didn't sit well with some developers, who view it as a deal breaker for working with GoDaddy.
The developer's strong recommendation against GoDaddy stems from their personal experience of trying to refer clients to another developer, but being unable to find anyone willing to work with GoDaddy due to its headaches.
If this caught your attention, see: Godaddy Customer Care Chat
Domain Name Issues
GoDaddy's handling of domain name disputes has been a point of contention. In 2006, GoDaddy canceled the domain FamilyAlbum.com due to invalid WHOIS contact information.
The company requires registrars to investigate complaints and initiate domain cancellation if contact data is not updated within a specified period. This led to the cancellation of FamilyAlbum.com, which was later offered back to the previous owner for a price of $18.99, the cost of a backorder.
GoDaddy has since changed its policy, no longer canceling domains for invalid WHOIS information. Instead, domains are suspended and remain in suspension until the owner updates the contact information.
Take a look at this: Domains by Proxy
Deletion of FamilyAlbum.com

In December 2006, GoDaddy canceled the domain FamilyAlbum.com due to invalid WHOIS contact information.
The cancellation was a result of a third-party complaint, which prompted GoDaddy to initiate an investigation as required by ICANN regulations.
GoDaddy sent a notice to the domain owner informing them of the invalid data and advising them to update it or risk cancellation.
The domain owner failed to update the information within the specified time period, leading to the cancellation.
GoDaddy offered to return the domain to the previous owner in February 2007 if they would indemnify GoDaddy from potential legal action by the new registrant.
The new registrant had paid $18.99 for the domain, which was the price of a backorder, not a regular registration.
By November 2007, GoDaddy had changed its policy regarding domain cancellations for invalid WHOIS information.
China Domains
GoDaddy stopped registering .cn domains in March 2010 due to the high amount of personal information required to register in China.

This decision was likely influenced by Google's revolt in China around the same time. GoDaddy's top lawyer Christine Jones told Congress that they didn't want to become an agent of the Chinese government.
GoDaddy resumed registering .cn domain names in February 2016 as part of its push into the Asia market.
Censorship and Boycotts
GoDaddy has a history of censorship and controversy surrounding its domain registration policies. In 2007, the company deactivated the domain of Seclists.org, taking 250,000 pages of security content offline, after receiving a complaint from Myspace regarding posted usernames and passwords.
This incident led to the creation of NoDaddy.com, a consumer activist website where dissatisfied GoDaddy customers and whistleblowers share their experiences. GoDaddy's general counsel, Christine Jones, stated that the company's terms of service reserve the right to terminate access to services at any time without notice.
In 2021, GoDaddy deplatformed the web forum AR15.com following the U.S. Capitol attack, citing the site's failure to moderate content promoting and encouraging violence. This move sparked condemnation from the National Shooting Sports Foundation, which called it an "indiscriminate silencing of opinion and debate".
Suspension of Seclists.org and Acquisition of No Daddy

The suspension of Seclists.org was a significant event in the world of online censorship. On January 24, 2007, GoDaddy deactivated the domain of computer security site Seclists.org, taking 250,000 pages of security content offline.
This drastic measure was taken after Myspace complained to GoDaddy about 56,000 usernames and passwords posted to the full-disclosure mailing list and archived on the Seclists.org site. GoDaddy general counsel Christine Jones stated that the company's terms of service "reserves the right to terminate your access to the services at any time, without notice, for any reason whatsoever."
The shutdown of Seclists.org had severe consequences for its administrator, Gordon Lyon, who had to go to great lengths to get the site reactivated. He provided logs to CNET showing that GoDaddy de-activated the domain just 52 seconds after leaving him a voicemail.
The suspension of Seclists.org led Lyon to create NoDaddy.com, a consumer activist website where dissatisfied GoDaddy customers and whistleblowers from GoDaddy's staff share their experiences. NoDaddy.com was so effective that it returned a top 5 result on Google for a search for GoDaddy.
In a surprising twist, shortly after Bob Parsons' sale of GoDaddy, the company purchased gripe site No Daddy, effectively silencing its critics.
Selective DNS Blackout
GoDaddy has been in the news for its selective DNS blackout policy, which blocks DNS queries from certain outside DNS servers. This policy prevents slow DNS, but also makes it difficult for customers to pinpoint GoDaddy as the problem.
In July 2011, GoDaddy introduced this policy to prevent slow DNS, forcing some search engines to exclude domains hosted with GoDaddy. This policy affects search engine ranking for various GoDaddy customers who have multiple domains with different registrars.
GoDaddy's servers are under-provisioned, meaning they can't handle their normal load. To prevent slow DNS, they block 100% of packets from hand-picked DNS servers based on volume and visibility.
This policy has also interfered with projects that collect Internet statistics. GoDaddy has refused to comment on the policy or the perception that their servers can't handle the load or they're giving preference to their platinum level customers first.
GoDaddy claims this policy is to protect users' privacy, and that they're ensuring DNS records are being accessed properly and not being harvested for unintended uses.
Deplatforming Clients as Protest
In 2006, GoDaddy locked access to the Irish Web site RateYourSolicitor.com after the Irish high court issued an order to remove offensive material about a barrister from the site.
Deplatforming clients can be a powerful form of protest, but it's not without controversy.
GoDaddy shut down RateMyCop.com in 2008, citing too many simultaneous connections as the reason, but the site's owner claimed it was due to complaints from police.
This raises questions about the role of web hosting companies in policing online content.
In 2021, GoDaddy deplatformed the web forum AR15.com following the U.S. Capitol attack, citing the site's failure to moderate content that promoted and encouraged violence.
The National Shooting Sports Foundation condemned the move as an "indiscriminate silencing of opinion and debate."
For more insights, see: Godaddy Web Page Editor
Security and Malware
GoDaddy has a history of security breaches and malware issues. In 2018, the company was one of the top malware hosting networks.
In 2018, 31,000 GoDaddy servers were exposed by Amazon AWS. This is a staggering number, and it raises concerns about the company's data security.
A security breach in 2019 affected 28,000 customer hosting accounts, with the breach lasting for six months before detection. The breach was conducted by utilizing an altered SSH file and targeted customer's hosting information.
In 2021, GoDaddy discovered unauthorized third-party access to their Managed WordPress hosting environment, affecting up to 1.2 million clients. This breach exposed email addresses, phone numbers, WordPress admin passwords, SSL keys, and sFTP passwords.
GoDaddy's security failures have resulted in multiple major security breaches between 2019 and 2022. Here are some of the notable breaches:
Personal experience has shown that even with two-factor authentication, account security can still be compromised. I've had my GoDaddy account hacked, with someone from Turkey logging in and using my saved credit card to purchase services.
Infrastructure and Performance
GoDaddy's infrastructure and performance issues are a major concern. The company's resource limits are severely restrictive, with even the Deluxe plan only offering 1 CPU core, 512MB RAM, and 250,000 inodes.
GoDaddy's resource throttling only lets you use 25% of the 1 CPU core you have access to, which is why 503 service unavailable errors are common. This limitation can cause your site to slow down or not be served at all.
The inode limits are particularly low, which can be exceeded if you use your hosting for email. In fact, inode limits are usually exceeded when using your hosting for email, making it a good idea to keep your web/email hosting separate.
Here's a breakdown of GoDaddy's resource limits:
GoDaddy's overcrowded Apache servers are another issue, with iThemes calling out the company for its non-traditional setup. This can lead to slow database servers and network latency.
Limited CPU, RAM, Inodes
GoDaddy's resource limits are a major concern for website owners. You get 1 CPU core, 512MB RAM, and 250,000 inodes, even on the $11.99/mo Deluxe plan.
This is a far cry from what you'd expect from a hosting provider, especially considering the price. You're essentially being charged for a fraction of the resources you need to run a smooth website.
Take a look at this: Cost of Hosting a Website on Godaddy

GoDaddy's resource throttling only lets you use 25% of the 1 CPU core you have access to. This means that even with the most basic plan, you're already being limited in your website's performance.
The inode limits are particularly problematic, especially if you use your hosting for email too. With only 250,000 inodes, you'll likely exceed these limits quickly, leading to website slowdowns and errors.
Here's a breakdown of GoDaddy's resource limits across their plans:
As you can see, the resource limits don't improve much as you move up the plans. You're essentially paying more for the same limited resources.
Limited Control Panel
GoDaddy's control panel is limited in its functionality, only allowing users to perform very basic tasks like upgrading PHP versions and taking backups.
You can barely do anything else with it, as it seems to be designed with beginners in mind, as mentioned by users who've had hands-on experience with it.
The file browser is accessible, but that's about it, leaving users with limited control over their infrastructure.
This can be frustrating for users who need more advanced features to manage their websites and applications efficiently.
Upgrading PHP versions is one of the few things you can do with ease, but even this process can be buggy at times.
Limited control panels like GoDaddy's can hinder productivity and make it difficult to scale your online presence.
If you're planning to use GoDaddy for your website or application, be aware of the limitations of their control panel and plan accordingly.
Support Deteriorated
GoDaddy's support used to be awesome, but that was before their IPO. Now you can expect long wait times.
Many developers have shared their negative experiences with GoDaddy's support, citing unresolved issues and a lack of interest in fixing problems unless it involves giving them money.
You get what you pay for, as the old saying goes. GoDaddy's support has taken a turn for the worse, with some users reporting solicited good reviews from their support team.
GoDaddy's TrustPilot reviews about support are a red flag. They're not exactly a glowing endorsement of their customer service.
As a developer, I've seen firsthand how GoDaddy's support can be a major headache. It's a shame because they used to be a reliable option.
Advertising and Reputation
GoDaddy's advertising has been a major point of contention for many years. The company has a history of using sexist and demeaning portrayals of women to sell their services.
One notable example is their use of Jillian Michaels in commercials, where she would wear a tight sports bra with the GoDaddy name emblazoned on it. This type of advertising perpetuates the objectification of women and contributes to a negative reputation.
The company's advertising tactics have been particularly egregious during high-profile events like the Super Bowl.
WordPress and Plugin Issues
GoDaddy blacklists several WordPress plugins, including backup and cache plugins, citing server caching as the reason. This means you'll need to pay for a premium cache plugin.
You can't use just any cache plugin, especially if you're not on a LiteSpeed server. LiteSpeed Cache is an option, but without a LiteSpeed server, you'll miss out on many features.
GoDaddy's blacklisting has a lot of users frustrated. They're forced to pay for a premium cache plugin or find a different hosting service.
FlyingPress is a recommended premium cache plugin. It can help improve your core web vitals.
Settlements and Orders

In 2022, the FTC issued a proposed order to settle charges against GoDaddy, requiring the company to improve its data security practices.
GoDaddy will no longer be able to misrepresent its security practices and compliance with any privacy or security program.
The proposed order also requires GoDaddy to establish and implement a comprehensive information security program to protect its website-hosting services.
This program must include several key components, such as hiring an independent third-party assessor to conduct regular reviews of its information security program.
Here are the specific requirements of the proposed order:
- Prohibit misrepresentation of security practices and compliance;
- Establish a comprehensive information security program;
- Hire an independent third-party assessor for regular reviews;
- Provide annual certifications from a senior executive officer.
The proposed order aims to ensure that GoDaddy takes its data security responsibilities seriously and provides a safer experience for its customers.
Problems Persist
GoDaddy's problems with domain hijacking are ongoing, despite public reports of resolved issues. Since two reports about vulnerability issues at GoDaddy came to light, domain hijacking has not ceased and continues to this day.
In June 2019, Spamhaus researchers observed over 10,000 domain-shadowed legitimate domains pointing to Russian infrastructure. These domains were being abused by miscreants who added hostnames for their own malicious purposes.
Our researchers reported these domains to GoDaddy directly, but received no response. It wasn't until we began reporting the issue to a wider audience that domain shadowing resolved itself, and still, GoDaddy didn't respond publicly.
In December 2019, our researchers identified that domains registered at GoDaddy were being hijacked again, this time through changes to nameserver records. We've seen up to 100 newly hijacked domains daily, all pointing to Russian space.
We've reported this issue to GoDaddy multiple times, but received no response or acknowledgement of the problem. The lack of clear explanation for the cause of these hijackings is particularly worrisome.
Some users who've implemented best practices have still been hijacked, leaving them without a clear explanation from GoDaddy. This lack of transparency and help from GoDaddy is puzzling, especially given their struggles with domain hijacking.
Featured Images: pexels.com


