The first quarter of 2026 has already seen three serious phishing attacks directly targeting SiteHost customers, and an industry-wide warning from the Domain Name Commission about scam emails and websites that aim to steal passwords and other data. Our Phishing Alerts page has never been so busy. There are plenty of criminals out there who want to compromise your SiteHost account.
In response we are tightening account security by making two-factor authentication (2FA) compulsory for all accounts. This has already been the case for new sign-ups since September 2025. When a 2FA code is required at login, even a stolen password isn’t enough to break into your account.
From Monday 23 March, any accounts without 2FA will switch to email verification. After your password, you’ll be prompted to enter a code that we send to the email address stored under your account's contact details. This might be different to the username that you use to log in.
Between now and then, please make sure that you have access to that email address.
To update your contact email address, go to Account > Your Profile in the SiteHost Control Panel.
To change the email address that acts as your username, create a new account contact. The Knowledge Base explains how.
If you would rather take control of 2FA ahead of time, you can enable 2FA within your Account Settings right now.
Email or app? And how often?
In your Account Settings you have the choice to receive 2FA via email (which will be the default) or to use an app like Google Authenticator. We recommend the more secure app-based option. This removes the chance that a hack of your email account would be enough for someone to reset your SiteHost password and receive 2FA codes.
Now is a good time to remind you to use a strong password for your email inbox, and to also protect it with 2FA.
Going back to your SiteHost account, if you are an administrator you’ll have access to another new setting, authentication frequency. This will apply to all account contacts with newly-enabled 2FA. Codes can be required at every login, once a day, once a week, or once a month. These new admin settings will replace user settings.
If you’re affected, we’ll email you
This change will happen on Monday 23 March. Every SiteHost accountholder who is about to have 2FA switched on will receive an email from us beforehand. If you have any questions about account security or how the 2FA change will work, please just ask us.
Last updated 12 March 2026.