Help! Thinking of Leaving GoDaddy Managed WordPress Due to Problematic Security

Hi all

So I’m having an ongoing battle with my website which is on GoDaddy Managed WordPress. It’s an issue that I’ve seen posted about here or there but those threads basically tail off without resolution. This is part rant, mainly advice request.

**TLDR** GoDaddy Managed WordPress’s security has me thinking I need to leave them – questions at the bottom.

I am building a membership site. It’s a health education site to work with primary care practices in the UK. Each practice will have its own individual login and password to give out to its patients. **I’m expecting that a lot of the end users will not be super computer-literate so I want to give them room to mess up their login attempts.** One of the reasons that I chose WordPress is that I understand by default it allows unlimited login attempts. I was planning to use a plugin to manage that.

What I have been finding is that after about 5 incorrect login attempts, the site is locking them out stating ***“Denied for too many attempts – Please try visiting at a later time”*** as per the screenshot.

Figuring this out has been a long road.

GoDaddy pre-installs the Limit Login Attempts Reloaded plugin (which I’ll call LLAR form now on) as a must-use. First I thought that was the issue. As must-use I can disable or rename it or delete it via dashboard or FTP, GoDaddy have it locked. However I set that up to only lockout after 9999, and only for 1 minute, and yet the lockout happens after 5 incorrect login attempts and locks out for ages, 10 mins at least at my last count. *I’d have lost my patient’s attention by then.*

Because the lockout wasn’t following the expected behaviour from the LLAR plugin that GoDaddy mandates, I thought this was a bug.

I did the standard of uninstalling all of the plugins that I can access, changing the theme, rolling back, removing all my php additions. The problem was still happening.

I’ve been over this a load of times with GoDaddy, first they tried to tell me that the issue was down to me and not them. They said this was an issue with my setup. They said it must be my front-end login form, so I went and tested it on the back-end and it’s happening at wp-login.php too. They said maybe I should rollback my site further. Then they finally said maybe they have some security configuration on their servers that are limiting the logins, which to me begs the question, why install LLAR plugin as a must-use at all?

After many calls with GoDaddy, they finally seemed to understand my issue, and said they would need 72 hours to look into it and, having observed the 5-attempt-lockout themselves, adjust this for me.

Well they came back and advised:


>*While investigating the issue it was determined that you are being blocked by not the plugin but the platforms network security. It will lock the system for 15 minutes after 5 logins from the same ip in a 5 minute time frame.*
>*At this time, the issue has been resolved.*

So I am frustrated. Their own tech support did not know, over many calls, and many pieces of advice to go away and try different things, that this behaviour **is baked into their platform**. And it very much looks like this is not something that can or will be adjusted.

My confidence in the platform and their support is very much shaken. Why on earth install LLAR plugin as a must-use if they have other security that kicks in before the plugin?? This feels very much like the right hand not knowing what that left hand is doing. Oh and the plugin wasn’t even visible on the dashboard at first! I had to download a patch form the makers at LLAR that fixed a conflict at GoDaddy that meant that having Sucuri on rendered LLAR invisible! How could tech support (and the call handlers I spoke to engaged *their* tech support so many times) not know this was not a bug, on my end or theirs, while picking through *my content telling me I had done something wrong.* Big oof.

So I don’t know how to proceed. It looks like I might have to come off Managed WordPress and go with cPanel. Or managed or unmanaged WordPress with another host I guess.

I guess I have a few of questions.

1. **If I’m coming off** ***Managed*** **WordPress and going to cPanel I’m feeling a little antipathetic about staying with GoDaddy for that. Does anyone have any thoughts about GoDaddy cPanel?**
2. **Does anyone have opinions on an alternative host or plan that might better suit my needs? I’m in the UK, I’m relatively noob (Damnit I’m a doctor Jim, not a developer!), I have done everything myself so far so I don’t feel UNconfident. My domain is over at 123reg, I have used Elementor for the site, learned a little CSS and HTML along the way as required, I don’t know any php.**
3. **Is this likely to happen with another host? Or is GoDaddy just particularly annoying like this?**

I appreciate any and all thoughts, I am a little lost / stuck at the mo, it sucks as I pretty much managed to iron out all the issues on my site, and am left with this last (for now!) giant one lol.

Thanks all

  1. I cannot speak to the specific issues you’ve mentioned, but last year I moved three client sites away from GoDaddy and their constant pressure to upgrade services. All of the “issues” the sites were experiencing disappeared immediately. Another developer I know had the same experience with GoDaddy: constant warnings and phone calls pushing for more expensive plans. When he moved his sites, the problems disappeared.

    I do not trust them at all.


This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer