Hostgator Website Hacked and Suspended: Here’s How To Fix It
Finding out that your Hostgator site is hacked is a nightmare! You need to act fast to remove the malware or you risk permanent suspension on the platform.
All web hosting providers including Hostgator run regular scans of their websites to check for malware. If they detect any on your site, they take your site offline and suspend your account in order to protect their own interests as well as other users on their platform.
This is because hackers exploit your site to run malicious activities like stealing data, phishing, defrauding visitors, holding your site ransom, selling illegal products, among a long list of things! They not only damage your website, but can also ruin your business and your reputation.
Not to worry. In this guide, we’ll show you the steps to take to clean your hacked WordPress website and how to remove the Hostgator suspension. Moreover, we’ll show you how to protect your website from suspension in the future.
Note: If you think your site has been flagged incorrectly, in most cases, hackers cleverly hide their malware which makes your site appear normal to you – the website owner/admin. And they display malicious content only to visitors. So we understand that seeing a message from Hostgator telling you your site is hacked might come as a surprise! Contact Hostgator to get more clarity.
TL;DR – If your website is infected, you can clean it instantly with MalCare. Install the plugin and it will scan your site. You can then use the automated malware cleaner which will restore your site to normal in under a few minutes. You’ll need to contact Hostgator to remove the web host account suspension.
Hostgator Suspended Account For Malware Infection
Hostgator runs routine scans on the websites they host on its platform. If they detect malware or suspicious activity on your site, they investigate the site further. Once they are convinced your site is infected with malware, Hostgator suspends your account and takes your site down. They do this because a hacked site could affect the loading time, speed and performance of other websites on their servers. It could also lead to other sites getting the infection if you’re using a shared server, however, this is not common. If you’re using a dedicated server, it shouldn’t affect any other website.
Hostgator then notifies you – the site owner – by sending an email. We understand how horrifying it is to see a mail from your web host that your account has been suspended. We have a copy of a Hostgator customer’s account suspension email that might be similar to yours:
The email may vary depending on which Hostgator hosting plan you’ve subscribed to such as a baby plan or a standard plan. Your suspension notice can vary based on whether you are using shared hosting or a dedicated server, unlimited storage, unlimited hosting, etc.
This email clearly states that you need to clean your site and resolve the security issue. But more importantly, you have to take measures to resolve security issues on your site and ensure that this doesn’t occur again. You risk further action or permanent suspension if you fail to properly clean your hacked WordPress site properly.
How To Fix Hostgator Hacked Site and Account Suspended
To fix your site and remove the suspension by the hosting company Hostgator, you need to carry out a four-step process:
- Scanning your WordPress website for malware to identify the infected files and directories.
- Cleaning malware on your WordPress site to remove the hack. Remember, while cleaning your site, you need to be thorough with removing all traces of malware and ensuring there are no backdoors for hackers to gain access again.
- Fixing the vulnerability that allowed the hack to occur and take security measures to protect your WordPress website from getting hacked and future attacks.
- Submitting your site for review to remove the Hostgator account suspension.
We’ll take you through this step by step. Let’s begin.
Scan Your Hacked Hostgator Website For Malware Infection
There are two ways to scan and clean your WordPress website for malware – manually and using a plugin. We can tell you right off the bat that the manual method is technical and very tedious. Your WordPress site consists of tons of files and folders and looking through all of them manually is not advisable. Plus, there’s no guarantee that you’ll find all the infected files.
Considering Hostgator has been very clear that the malware infection cannot recur, we recommend Hostgator customers use a reliable and effective scanner that is guaranteed to work – the MalCare WordPress Security Plugin.
While there are many WordPress security plugins out there, we recommend MalCare for Hostgator malware removal. Here’s why:
You need a scanner that can find any malware.
Most malware scanners available in the market rely on outdated methods like signature matching. In this method, the scanners are designed to look only for known malicious codes. So if hackers come up with new code or disguises it, these scanners will miss it. With MalCare, this won’t happen. The plugin is built to analyse the behaviour of the code. It doesn’t matter if the code is new, hidden or disguised, MalCare will find it.
You need a scanner that will check every file, folder and database of your website.
Most scanners carry out surface scans and check files and folders that hackers commonly use. If a hacker places their malware in an unusual folder, the scanner won’t catch it. MalCare runs a deep and complete scan of your site. It leaves no stone unturned.
You need a scanner that is quick and efficient.
Some scanners take hours to run their process. They also use your web servers resources to run the process. A website scan is a resource-intensive process and it can bog down your site and make it slow down. To avoid this issue, MalCare uses its own servers to run the scan. It completes the process within a few minutes.
How To Scan Your Hacked Hostgator Site Using MalCare?
The MalCare Plugin is very easy to use to identify Hostgator malware. To scan your hacked website, you need to follow the steps below
Step 1: Install MalCare on your WordPress site.
Step 2: You need to add your site to the dashboard. Switch on the toggle on the ‘Security’ feature and the malware scan will automatically begin.
Once the scan is complete, MalCare will show you how many hacked website files it has detected:
We’ll proceed to clean your site in the next section.
Effectively Clean Your Hacked Hostgator Website
Again, we emphasize strongly here on selecting a method that is guaranteed to work. While cleaning malware from your site manually is free, there’s no guarantee of it being completely clean. But remember, Hostgator has stressed on ensuring your site is clean and the website hack doesn’t recur, or else they can permanently suspend your website. So, we strongly suggest using professional cleaning services like MalCare to avoid permanent suspension from the Hostgator platform.
Why Choose MalCare To Clean Hacked Hostgator Sites?
- MalCare is easy to use and will remove all traces of malware.
- Many plugins delete malicious files in order to remove the malware. But this can sometimes cause problems. If other files are dependent on the infected file, deleting it can crash your site. MalCare ensures your site is clean without breaking it by checking for such dependencies first.
- When a hacker gains access to your site, they create backdoors that act as their secret entry point. They use these backdoors to hack your site again even after you’ve cleaned it. MalCare will remove any backdoors a hacker might’ve created on your site.
- When your website is hacked, time is of the essence. You need to fix it quickly in order to remove the suspension and get your site back online. While other methods and plugins take hours, days and sometimes even weeks to fix a hacked site, MalCare takes only a few minutes of waiting time. It has an instant automated malware cleaner that will restore your site to normal in no time.
- Many plugins rely on a clean-up process that involves raising a ticket. Then they will assign a security analyst to your case who will manually clean your site. This method requires you to hand over your website’s credentials to a third-party. For many companies, this is simply not an option as it goes against their internal policies. With MalCare, you can clean your site without the need for you to release such sensitive information to a third-party.
- MalCare’s service comes with a dedicated support team that is available around the clock to help you with any doubts, queries or issues you may face when using the plugin
Now, are you ready to see just how easy it is to clean your site with MalCare?
How To Clean Your Hacked Hostgator Website Using MalCare?
Earlier, we showed you how after scanning your site, MalCare finds hacked files on a website. You can see the number of files it found in the Security section. Now, in the same section, you can see an ‘Auto-Clean’ button.
Click on this button and sit back and relax. MalCare will begin its automated malware removal process. You can exit this page if you like, the process will continue to run.
Once the process is complete, MalCare will alert you that your website is clean. Take a screenshot of this page, you’ll need it when you submit your site for review.
That’s it. Your website is clean. Also, you can check our top 5 WordPress Malware removal plugins, now let’s take a few more WordPress security measures before you submit your site to Hostgator for review.
Remove the Vulnerability on Your Hostgator Site
Your WordPress website was hacked because there was a security flaw or vulnerability that allowed them to gain access. You need to identify this and fix it. Here are a few measures we strongly recommend implementing on your site to prevent future hacks.
1) Update your website
Using outdated software is one of the top reasons for hacks. When developers discover security issues in their software (such as the WordPress core installation, themes or plugins), they fix it and release a security patch in the form of an updated version. If you update to the new version, the vulnerability will be fixed on your site. Also there could be vulnerable WordPress plugins that got your website hacked.
If updating all your themes and plugins on your site is a hassle, you can manage this from the MalCare dashboard. It enables you to roll out bulk updates to your site. (Recommended read: How to Safely Update Your WordPress Site.)
2) Check your themes and plugins
WordPress sites tend to have a multitude of plugins and themes installed. It’s best to keep only the ones you use and delete any that are inactive. Statistics show that many WordPress sites were hacked due to outdated themes and plugins. So, always ensure you update them on time to avoid malware infections and hack attacks.
If you’re using any pirated or nulled versions of WordPress plugins or themes, delete them immediately. In our experience, such software almost always comes pre-loaded with malware that will infect your site the moment you install it.
Lastly, check your list of plugins and themes, if you don’t recognise them, delete them. When hackers gain access to your site, they may install their own plugins and themes. These usually contain backdoors that allow them secret access to your site.
3) Check your users
Another trick hackers use to regain access to your site is by creating new user accounts on your WordPress dashboard. Check your list of users and delete any that you think are rogue accounts.
We also strongly recommend employing the principle of least privilege. WordPress has 6 levels of users on a WordPress website – Super Admin, Administrator, Editor, Author, Contributor, and Subscriber. The highest level is that of super admin and administrator who have complete control of the site. This role should be restricted to people you trust and those who really need it. You can check our guide on privilege escalation.
4) Change your login credentials
Hackers may have hijacked a user’s account to hack your site. It’s best to make every user on your site reset their login credentials. Make sure you use strong passwords that are complex and difficult to guess, this is very important for WordPress login security.
5) Install an SSL certificate
If you aren’t already using one, you need to install an SSL certificate. Your website is constantly transferring data between web servers and browsers. This is common knowledge and hackers use different techniques to intercept this data such as packet sniffing and cookie stealing. By installing SSL on your site, this data will be encrypted. So even if a hacker manages to steal it, they can’t do anything with it because it’s encrypted.
6) Harden your WordPress site
There are some technical measures that WordPress recommends you implement on your site. These are known as WordPress site hardening measures and they protect your site by securing vulnerable areas. Some of these measures include:
- Disable php execution in unknown folders
- Disable file editor
- Block theme and plugin installations
- Change WordPress security keys and salts
Each measure requires technical expertise and can be difficult to implement. However, if you use MalCare, it’s as easy as a few clicks. From the dashboard, access the ‘security’ panel. Here you will see an option to ‘Apply Hardening’. With a few clicks, your site will be hardened.
Before we proceed to the next step, we recommend keeping a security plugin like MalCare active on your site at all times. If you’ve used MalCare to scan and clean your site, your site is protected for a full year under the subscription plan.
It will regularly monitor and scan your website for malware. It puts up a strong firewall to block hackers and malicious IP addresses and bots. Any suspicious activity will be flagged and you’ll be alerted immediately. You can take action before a hack occurs.
Now that your site is 100% clean and protected from future attacks, you can submit your site to Hostgator.
Submit Your Hack-free Site To Hostgator For Review
To request for a review from Hostgator, here are your options:
- Reply back to the same email that Hostgator web hosting sent informing you that your account is suspended. Give them details of the method you used to clean your site. Attach the screenshot of your ‘site is clean’ page you took earlier.
- Contact the Hostgator customer support team via online chat, email or phone and inform them that you have cleaned your site. They will guide you on the process to follow.
Hostgator will review your site and verify that there is no malware present. Upon finding that it’s clean and you’ve taken ample security measures to prevent future hack attempts, they will remove the suspension of your site and you can resume your Hostgator hosting plan.
Remember, the hackers like hacking websites that have no security measures. They prey on weak WordPress sites with bad security. So if they see that you have implemented basic security protocol, there are high chances that they’ll make a few attempts and move on to an easier target.
Now that your Hostgator site is clean and back online, you can rest easy. Ensure you take ample security measures so that this doesn’t happen again.
The age-old saying applies here ‘Prevention is better than cure’. Taking WordPress security measures in advance on your WordPress site can save you a great deal of hassle!
We recommend always keeping MalCare active on your site. The security plugin will protect your website at all times by scanning and monitoring it regularly. It also puts up a WordPress firewall that proactively blocks hack attacks. Apart from your site being secure, you can have peace of mind!
Keep WordPress Website Safe With Our MalCare Security Plugin!
Melinda is a WordPress enthusiast, and enjoys sharing their experience with fellow enthusiasts. On the MalCare blog, Melinda distils the wisdom gained from building plugins to solve security issues that admins face.