GoDaddy Security
Summary
🔑 Key Takeaway for GoDaddy: Protect your domain registrar account with non-SMS two-factor authentication, regularly review delegate access and active sessions, and enable DNSSEC on all domains to prevent DNS spoofing and domain hijacking attacks.
This checklist is adapted from Auditware's W3OSC standards.
For Individuals
These settings apply to your personal GoDaddy account. All team members and admins should configure these on their own accounts.
Individual Account Settings
- Account Settings >
- Login & Pin >
- 2-Step Verification > On (non-SMS)
- Active sign-ins > Review and remove any unused or unrecognized
- Delegate Access > Review and remove any unused or unrecognized
- Login & Pin >
For Team Members
These guidelines apply to team members who have delegate access to GoDaddy accounts but don't have full administrative control.
Team members should:
- Ensure their individual account settings are configured according to the checklist above
- Understand the scope of their delegate access permissions
- Report any suspicious domain or DNS activity to account administrators
- Never share login credentials or delegate access with unauthorized parties
For Admins
These settings and practices apply to GoDaddy account administrators who manage domains and DNS settings.
Domain Security
- Domain Settings > DNS > DNSSEC > On
Best Practices
- Regularly audit delegate access and remove any that are no longer needed
- Monitor domain expiration dates and enable auto-renewal for critical domains
- Use domain locking features to prevent unauthorized transfers
- Review DNS records periodically for any unauthorized changes
Related: For comprehensive DNS security guidance, see Infrastructure - Domain & DNS Security.