This time, I am up against the granddaddy of web hosting, GoDaddy itself.
Founded in 1997, GoDaddy is the largest domain registrar in the world and the biggest web hosting company in the US.
Barring past controversies, it’s safe to assume that GoDaddy, having been around for so long, knows its business inside and out and can dominate smaller players.
Right?
1. Plan
I got the Managed WordPress Deluxe, which comes with:
- 1 CPU core
- 2GB RAM
- 100,000 monthly visitors
- 20GB NVMe SSD storage
- Opcode cache
- Object cache
- Page cache
- CDN
- Server WAF
- Automated malware scans & removal
- 99.9% uptime
This plan costs $10.99/mo for a 1-year commitment (Renewal, not promotion price).
2. Speed Features
NVMe SSD Storage
Makes Godaddy servers faster than the ones with old-school SATA SSDs, which some hosts are still using.
Caching
My GoDaddy plan uses three caching technologies to speed up your WordPress website:
- Opcode Cache: With OPcache. When your PHP code is executed to load a web page, it’s first compiled into opcode, which are machine-readable instructions that PHP uses to generate the HTML your visitors see in their browser. By caching it with OPcache, the opcode can be reused instantly without needing to recompile your code on every request.
- Object Cache: Redis caches your frequently accessed data (e.g., posts) in memory. This way, if the opcode includes instructions to query your database, PHP can get the data from Redis instead, which is much faster. Using Redis also prevents your database from being overloaded with repeated queries. Surprisingly, Godaddy’s plugin said my website speed was fast enough without needing an object cache.
- Page Cache: Varnish caches the generated HTML of your web page, allowing it to load much faster without even running any PHP code or querying your database.
CDN
Cloudflare caches your static content (e.g., images) across 335 cities worldwide and routes traffic to them along optimized paths with Argo Smart Routing.
According to GoDaddy, it also accelerates your dynamic content loading and gives you up to 2x better performance.
3. Security Features
CDN
As the point of entry to your site, Cloudflare is also your primary defense at the edge with:
Server WAF
The rest is handled by the Sucuri WAF on your server, which protects your website against:
- DDoS attacks
- Application threats (eg. SQL injection, XSS)
- Zero-day exploits
- Brute force attempts
- Malware
- Hackers
Automated Malware Scans & Removal
Scans your website files and database for known malware every 24 hours and removes them within 48 in the backend.
There’s a paid version for unknown malware that is not automatically detected and removed. This starts at $6.99/mo for a 2-year plan.
4. Speed Test
GTMetrix said myLargest Contentful Paint (LCP) was a good 289ms in Dallas and a decent 361ms in London.
5. Security Test
I launched 38,329 cyberattacks against my GoDaddy website:
- 3 out of 30 high risk vulnerabilities detected:
- Path Traversal: 2 out of 799 attacks successful.
- SQL Injection: 3 out of 1,255 attacks successful.
- SQL Injection – SQLite: 1 out of 482 attacks successful. Okay as GoDaddy doesn’t use SQLite.
- 0 out of 12 medium risk vulnerabilities.
- 2 out of 2 informational risks. 1,578 alerts but these aren’t vulnerabilities.
- Success Rate: 36,745 or 96% of my attacks were completely neutralized.
6. Uptime Test
In the 22 days I was reviewing, UptimeRobot reported that my GoDaddy website got 100% uptime after checking on it every minute.
HetrixTools reported the same results after monitoring my website at 1-minute intervals for 8 days.
Good because GoDaddy promises 99.9% uptime.
Interestingly, it only publishes its current system status and incident history from the last two weeks.
So, out of curiosity, I checked DownDetector to see how frequently other users reported a downtime. All I saw were expletives at GoDaddy’s lack of (helpful) support.
Hmm, is GoDaddy secretly related to Bluehost and HostGator?
7. Annual Data Breaches
While my cyberattacks suggested GoDaddy websites fare well against most web-based attacks, GoDaddy itself has been suffering annual data breaches since 2019:
2019
Hundreds of GoDaddy accounts were compromised and used to send phishing attacks, as discovered by a Palo Alto Networks researcher.
2020
28,000 customer accounts were accessed by unauthorized parties, as revealed in an email apology by then CISO Demetrius Comes.
2021
1.2 million Managed WordPress customers lost their login credentials and email addresses to hackers, who had gained access to GoDaddy’s source code with a compromised password. The attacks lasted from September to November, when they were discovered.
2022
A “small number” of customer websites were intermittently redirected to malicious sites due to malware installed by an unauthorized third party, who had gained access to GoDaddy’s cPanel servers.
GoDaddy suspects these multi-year attacks were from the same organization and has taken mitigation measures.
However, the fact that data breaches are a yearly affair at GoDaddy should be concerning for anyone considering its services.
8. AI Tools
Like other older hosts trying to be more relevant, GoDaddy has introduced some AI tools:
- A website builder that creates design templates with user prompts. My generated template (below) looked meh to me.
- A virtual assistant, which was surprisingly good
Cool, but not enough to redeem GoDaddy yet.
9. Cons
MySQL
MariaDB is better and faster.
PHP Workers Unknown
Remember the opcode I mentioned above? PHP workers are the ones that compile your code into opcode, the instructions to generate the HTML of your web pages, for each incoming request. The fewer PHP workers you have, the fewer requests your website can handle concurrently, slowing down your page loading.
No JavaScript (JS) Deferring
This feature ensures your HTML loads and renders correctly before JS files are executed in the proper order. Without JS deferring, some JS files can block this rendering process, causing your website to load slower or appear broken.
Basic CloudFlare
Cloudways and Rocket.net include the Enterprise version in their plans for free, which has more advanced features like image optimization.
20GB Storage
Come on, other hosts offer much more for the same price.
Annual Data Breaches
Something fishy is going on at GoDaddy. Data Breaches are almost as certain as Christmas (for the hackers).
10. Evaluation
Let’s see how GoDaddy did against my self-hosting:
| Self-hosting | GoDaddy | |
|---|---|---|
| Speed (LCP) – Dallas | 306ms | 374ms |
| Speed (LCP) – London | 253ms | 377ms |
| Security | 0 | 3 high risk vulnerabilities (1 doesn’t affect WordPress). Lots of data breaches in the past. |
| Uptime | 95% | 100% with current system status and incident report from the last 2 weeks. |
| Winner | 👑 |
11. Final Thoughts
GoDaddy feels almost like the Godfather: An old industry leader with a strong brand name and a shady history, but far from invincible.
Many newer and smaller hosting providers have caught up and chipped away at its market share.
And I can see why.
For its price, those looking for some GoDaddy alternatives would be happier with ChemiCloud, a cheaper and safer WordPress hosting provider. The 2x performance optimization stated on their website also paled against ChemiCloud’s QUIC.cloud CDN.
So beside the fact that GoDaddy hadn’t beaten my self-hosting decisively, I couldn’t find any strong reasons to recommend it above other hosts.
In the meantime, while its tradition of annual data breaches seems to be broken since 2023, it has not been forgotten.
This means GoDaddy has a lot to work on besides jumping onto the AI bandwagon: public image, website speed, and obviously, security.
Otherwise, somebody will make GoDaddy an offer it couldn’t refuse someday.
Leave a Reply