When your web hosting service suspends your hacked WordPress website, it can be painful. But web hosts have legitimate security concerns behind this action.
Any experienced WordPress website owner knows that there are no truly secure, impenetrable websites; just hardened ones. But when your website has been hacked, it can be a bit of a salt-in-wound situation when your web host suspends your website.
Is suspending the hacked site the only course of action?
While suspending your account is one of the actions that web hosts take, it isn’t the only one. If you’re with a good web hosting company, they will:
- Send email notifications that include:
  - Details about the exploit on your site, and links to it
  - A reminder that you are responsible for securing your site
  - A list of outdated (vulnerable) scripts and a notification if you’re using an outdated version of WordPress
  - A clear deadline for you to get back to them or get suspended
- Offer to clean the malware on your site, for a price (this depends on whether the web hosting company also offers security measures)
- Offer to restore a clean backup of your site (this depends on whether the hosting service offers reliable backup solutions)
Naturally, not all web hosts provide more than one option, and what is offered depends on the scope of their service at the price point you’re paying for.
Why is suspending my website an option?
As we explained above, not all web hosts have reliable backup-and-restore or security measures offered along with their service.
So if your web host chooses option 1 (sending an email notification and then suspending your WordPress site), they might do so to protect one of the following parties:
- Visitors to your site (in case of individual hosting)
- Other sites on the hosting server, and their visitors (in the case of shared hosting)
Reasons why hosting providers suspend WordPress sites on shared hosting
Serious issues could arise in the case of shared hosting, especially if the hosting provider doesn’t have reliable security measures. This is because one hosting server supports multiple websites (as separate entities on that server), all of which have to share the server.
For example, if one website on your shared hosting server consumes too much bandwidth for files, all the other websites on that one hosting server are also affected.
So if the malicious code from one infected website manages to find its way to your server, everyone on the server would be infected. Attacks like these could be incredibly simple; for example, a hacker could craft malicious code that executes simply when admin tasks are performed.
In cases like these, a practical solution would be to suspend your infected WordPress site, until the hack is cleaned out.
What damage can hackers cause with access to a hosting server?
Here is an overview of the damage a hacker can wreak when they have access to your website’s hosting server:
1. They can send spam mail from your server:
The attacker’s main aim in this case would be to send their spam mail using your hosting server.
However, if they abuse it enough, they could get your DNS server blacklisted by email providers such as Gmail, Yahoo, Outlook, etc.
In the case of individual hosting, not only would you be unable to send regular mail to your subscribers, your web host wouldn’t be able to send any mail to anyone else from that server either.
In the case of shared hosting, every website using that server would get blacklisted by email providers.
Suspending your account would prevent your hosting server from getting blacklisted, no matter which type of hosting server you use.
2. They can infect your visitors’ profiles/websites:
Attacks such as cross-site scripting are notorious for spreading like wildfire. A hack on your website could spread to a number of your visitors when they simply open up a page leading to your website.
In the case of individual hosting, this would only affect your site’s visitors.
In the case of shared hosting, attacks like cross-site scripting have the potential to affect the visitors to every website on that particular server. This possibility can be mitigated if your shared hosting provider has a robust security system and separation between the websites on that server.
In either case, shutting down your hosting service could help mitigate the damage and get to the source of the malicious code.
3. They can use your server as a bot in a DDoS attack against another website:
Denial of Service (DoS) attacks aim at making a website unavailable by overloading it with requests. Distributed Denial of Service (DDoS) attacks overload the same website with requests from a number of sources so that its server denies service. These sources could be other websites’ servers.
If a hacker gets control of your server, they could use it as a bot pinging (or attacking) other websites.
In case of individual hosting, this would mean that your site would be blocked by other servers and networks’ firewalls, as well as search engines.
In case of shared hosting, not only your site, but every site on the same server would get blocked as they all share the same IP address.
4. They can shut your website down and use ransomware techniques:
Ransomware is exactly what it sounds like: hackers take your website down and only give you access to it, or bring it back up, if you pay them a specific amount.
In the case of individual hosting, only you would have to bear the brunt of a ransomware attack.
In the case of shared hosting, the threat is magnified because of the possibility of breaching your web host’s security measures and taking down a number of websites in one go.
Obviously, whether any of these attempts succeeds depends on your hosting company’s security measures.
It can be frustrating to get taken down by the web host you depend on. But in the long run, this is for the good of your website, their service, and your visitors.
Therefore, one of the first steps you should take, for everyone’s sake, is to get an intelligent malware scanner and cleaner that will clean out hacks.
It is also very important that you perform a forensic-style analysis of when exactly your WordPress site was attacked, how the hack happened (the vulnerability that was exploited, how it was exploited), the damage caused, and the other vulnerabilities on your site that could be exploited.
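One way to start the timeline described above, as an added example that is not part of the original article: the script below scans web server access log lines for PHP requests served from the uploads directory and reports the first one, together with what the same client requested beforehand. The log lines, plugin name and paths are constructed sample data; it assumes Combined Log Format and that your site has no legitimate PHP under /wp-content/uploads/.

```python
import re
from datetime import datetime

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size ...
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumption: stock WordPress serves no PHP from the uploads tree.
SUSPECT = re.compile(r'^/wp-content/uploads/.*\.php(\?|$)', re.I)

# Constructed sample log lines (documentation IP ranges, made-up plugin and paths).
SAMPLE_LOG = """\
198.51.100.7 - - [03/Mar/2024:09:58:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2310
203.0.113.45 - - [03/Mar/2024:10:14:55 +0000] "GET /wp-content/plugins/example-gallery/readme.txt HTTP/1.1" 200 812
203.0.113.45 - - [03/Mar/2024:10:15:09 +0000] "POST /wp-content/plugins/example-gallery/upload.php HTTP/1.1" 200 41
203.0.113.45 - - [03/Mar/2024:10:15:31 +0000] "GET /wp-content/uploads/2024/03/img.php HTTP/1.1" 200 0
192.0.2.10 - - [04/Mar/2024:02:40:12 +0000] "POST /wp-content/uploads/2024/03/img.php?x=1 HTTP/1.1" 200 96
not a log line
"""

def parse(log_text):
    """Yield (time, ip, method, path, status); skip lines that do not parse."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        yield when, ip, method, path, int(status)

def build_timeline(log_text):
    """Return the first successful suspect hit and what that client did before it."""
    events = sorted(parse(log_text), key=lambda e: e[0])
    hits = [e for e in events if SUSPECT.match(e[3]) and e[4] == 200]
    if not hits:
        return None
    first = hits[0]
    # Earlier requests from the same address point at the route used to get in.
    lead_up = [e for e in events if e[1] == first[1] and e[0] < first[0]]
    return {
        "first_seen": first[0].isoformat(),
        "client": first[1],
        "dropped_file": first[3].split("?")[0],
        "lead_up": [(m, p) for _, _, m, p, _ in lead_up],
        "later_clients": sorted({e[1] for e in hits} - {first[1]}),
    }

if __name__ == "__main__":
    print(build_timeline(SAMPLE_LOG))
```

The `lead_up` entries are where to look for the vulnerability that was exploited, and `first_seen` tells you which backups predate the hack.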
Using a reliable backup solution is also of paramount importance, especially since it helps you easily and quickly restore a clean version of your site while you clean out the hacks.