The first quarter of 2026 has already seen two serious phishing attacks directly targeting SiteHost customers, and an industry-wide warning from the Domain Name Commission about scam emails and websites that aim to steal passwords and other data. Our Phishing Alerts page has never been so busy. There are plenty of criminals out there who want to compromise your SiteHost account.
In response we are tightening account security by making two-factor authentication (2FA) compulsory for all accounts. This has already been the case for new sign-ups since September 2025. When a 2FA code is required at login, even a stolen password isn’t enough to break into your account.
On that date, any accounts without 2FA will switch to email verification. As well as your password, you’ll be prompted to also enter a code that we email to the address that you use to login.
Between now and then, please make sure that you have access to that email address. To log in with a different address, create a new account contact. The Knowledge Base explains how.
If you would rather take control of 2FA ahead of time, you can enable 2FA within your Account Settings right now.
Email or app? And how often?
In your Account Settings you have the choice to receive 2FA via email (which will be the default) or to use an app like Google Authenticator. We recommend the more secure app-based option. This removes the chance that a hack of your email account would be enough for someone to reset your SiteHost password and receive 2FA codes.
Now is a good time to remind you to use a strong password for your email inbox, and to also protect it with 2FA.
Going back to your SiteHost account, if you are an administrator you’ll have access to another new setting, authentication frequency. This will apply to all account contacts with newly-enabled 2FA. Codes can be required at every login, once a day, once a week, or once a month. These new admin settings will replace user settings.
If you’re affected, we’ll email you
This change will be happening soon. Every SiteHost accountholder who is about to have 2FA switched on will receive an email from us beforehand. If you have any questions about account security or how the 2FA change will work, please just ask us.