GoDaddy injects validation error-causing script into WordPress websites

godaddy injects scripts into wordpress sites
December 31, 2018 at 5:03 am

UPDATE (01/21/2019): NoDaddy has finally removed the script after multiple support phone calls. Took ’em long enough!

UPDATE (01/09/2019): It has been almost two weeks since writing this blog and as of today, NoDaddy has still not removed the error causing, automatically injected tracking script from the website I’ve been working on lately. We contacted NoDaddy’s customer support and also tried the opt-out feature and the tracking script is still on the website, so this is a fair warning to anyone who chooses to do business with NoDaddy. I’ll be advising all of my future clients to stay as far away from NoDaddy as possible.

GoDaddy will forever be known as “NoDaddy” in my eyes

As I was validating code for a WordPress website which is hosted on GoDaddy, I came across a peculiar code validation error which was caused by a script injected into the site after the closing body tag. I found this validation error particularly odd because everybody knows nothing goes between the closing body and html tags.

My first thought was that this script is malware, but then after reading a comment in the script, I realized it was a script automatically injected into the WordPress site by GoDaddy. To my knowledge, this is a script that you cannot remove from the WordPress theme, database, or core code files. What a joke! This is technically GoDaddy hacking your website through their own administrative back end, but I’d bet it’s buried somewhere deep inside GoDaddy’s 135,594,093 page license agreement that allows them to do this legally. Who knows, though? I’ve never read it. All I know is that it ticked me off and I want it gone!

GoDaddy’s injected WordPress script:


I copy/pasted the code comment which claims to be monitoring performance into DuckDuckGo and found that I am not the only one experiencing this hidden problem. Larry Daniele wrote an in-depth article about this GoDaddy injected script which describes a way to opt-out without contacting GoDaddy’s outsourced support. Visit that link to find out how to opt-out of GoDaddy’s automatic script injection. Thanks, Larry!

The last thing I want is GoDaddy automatically injecting unwanted “performance monitoring” scripts into any of my websites, especially when it causes a red code validation error with the W3C.

GoDaddy has violated its customers once again by automatically injecting tracking and “performance monitoring” scripts into its customer’s WordPress websites. I’ve moved my personal websites away from GoDaddy because I’ve just had it with their crap.

On the contrary, I completely understand why people use GoDaddy: because it’s the most popular, it’s “the easiest (subjective),” it’s the “best deal (subjective),” and they “have good support (primarily outsourced to foreign countries).” /s

What will GoDaddy do next? Only time will tell, but they surely won’t be hosting one of my personal websites.

Leave a Reply

Your email address will not be published. Required fields are marked *