Hackers bought Google ads pointing to a fake GoDaddy WordPress login page - any site manager who clicked saw their credentials stolen

BleepingComputer reports a phishing campaign that bought Google Ads to push a fake GoDaddy ManageWP login page to the top of search results. ManageWP is GoDaddy's centralized dashboard for managing multiple WordPress sites - so a successful phish gives the attacker simultaneous access to dozens or hundreds of sites under one account. The fake page is a near-perfect clone of managewp.com hosted on a typosquat domain; victims who enter credentials are redirected to the real site to mask the theft. Same Google Ads abuse template used recently against AWS, Notion, and other developer-tool brands.

Check

Brief staff who manage WordPress sites that they should never click Google Ads for login pages. Search proxy logs for visits to ManageWP-themed domains other than managewp.com over the past 30 days.

Affected

GoDaddy ManageWP customers, particularly agencies and freelancers managing multiple client WordPress sites under one account. Acute risk: small WordPress agencies whose ManageWP credentials enable simultaneous access to 50-500+ client sites. Anyone using GoDaddy hosting for WordPress.

Fix

Enable two-factor authentication on ManageWP accounts immediately. Reset ManageWP passwords for any user who recently clicked a Google Ads result for the brand. Add a corporate browser policy to suppress Google Ads on developer-tool searches. For agencies: rotate WordPress site credentials linked through ManageWP. Watch for unfamiliar admin user creation across managed sites.