Godaddy is now offering a suite of security tools focused on fixing your site once it’s been hacked. After reading the details, my reaction was:

Their new offerings range from $4.99/month to $25.00/month. They promise to fix any hacks that happen to your site in a timely manner. That’s all well and good, but there’s a larger scale flaw in this approach. The hack shouldn’t happen in the first place. And where are the backups? Hacks and malware can also damage files, so once they are cleaned and removed, the website is left inoperable. Your business is offline, but hey that malware was removed, at least.

While it’s true, anyone is vulnerable, 99% of the attacks out there are easily preventable. They are initiated by bots (automated scripts, not humans) and are patterned in such a way that they are predictable. The key is to develop and install the website in such a way that it is resistant to getting hacked. Every single site I have moved from Godaddy to our servers has been hacked. Every single one had malware on it. And even if your site is installed and coded like Fort Knox, Godaddy’s infatructure isn’t. Remember they are a deep discount hosting provider. Your site is on a hosted computer with thousands of others. One breach and you all fall.

The problem is not one that can be fixed simply based on the nature of the self-serve shared hosting beast. With our hosting clients, we only host on servers we wholly own and control. It’s like owning the condo building and picking and choosing who enters. You’ll never have to worry about a crackhead moving in next door. Therefore, really, the only solution they can offer is a reactive solution, not proactive solution. And in the web security game, reactions are always too late.