What to Do When Your Web Host Suspends Your Hacked WordPress Account?
“This account has been suspended” – is a dreadful alert that pops up on your WordPress site. If the reasons for suspension are unknown to you, it can be frustrating trying to figure out why it happened.
Let’s find out why your website was suspended and how to get your WordPress account back.
Your web host account can be suspended because your WordPress site is hacked. You need to clean your site immediately and be 100% malware-free before you can get the suspension removed. To do this and stay protected from future hacks, give our trusted backup and security solution a try. With just a few clicks, you’ll be hack-free and can get your account back in no time.
Why web hosts suspend WordPress Accounts
The first step in fixing a suspended website is figuring out why it happened. When you see the suspended message on your website, you need to contact your WordPress hosting provider immediately and they will send you the details of what went wrong.
There are several reasons why a web host can take your WordPress site down:
- Lack of payment of pending dues, renewal fees or a billing issue
- Exceeding the limit of host server resources
- Violation of terms and conditions of service
- Running a hacked WordPress site
Out of these issues, the most common reason we see time and again is having your website hacked. While the other three are relatively easy to fix, a hacked website can be more complicated because not only is it bad that your site is suspended, you are at risk of more severe consequences.
Hacked websites on shared servers could put other websites on the same server at risk of being hacked. Further, when your WordPress site is hacked, it will most likely use more server resources than it should. This will affect the web host’s server performance and slow down other sites.
In this article, we will show you how to clean up a hacked WordPress site and then proceed to getting your account unsuspended.
How to Fix a Suspended Hacked WordPress Account?
There are many ways in which you can clean up your hacked WordPress site and be done with it. But if you don’t properly understand the details of how and why it happened, chances are you haven’t cleaned up your site thoroughly and you’ll probably be hacked again, very soon!
When your hosting account gets suspended, you need to make sure you get your site 100% cleaned up and prevent it from happening again. Below, we’ve entailed everything you need to know.
How did your site get hacked?
If your WordPress site has been hacked, it means there was a vulnerability present that allowed hackers to enter. Some of the weak points of a WordPress site are:
- Running your site on an outdated WordPress installation that has a security flaw. If you haven’t updated your WordPress to the latest version, there are higher chances of being hacked because hackers target sites that are running on vulnerable versions of WordPress.
- Plugins and themes that don’t have proper security measures in place. Some of them are created by developers who don’t fully understand the security aspects of it. Or some plugins/themes may have been abandoned by their developer. In the WordPress.org repository, you can check when the plugin was last updated to determine whether it is being maintained by the developer over time, or not.
- Weak login credentials which were easy for the hacker to decipher using what they call a brute force attack. Hackers use bots to keep trying different usernames and passwords until they crack it. If you’ve set your password as ‘password’, it isn’t tough to figure it out.
- Using cracked or pirated versions of software on your site because they’re free. These usually come with pre-installed malware that allows hackers to enter your site once you install it.
Why was your site hacked?
Hackers want access to your website to carry out their malicious and even illegal activities.
Just to give you a brief understanding of the repercussions of being hacked, we’ve listed out a few of the activities that hackers carry out using your website.
- They can steal personal data of your customers which is a huge breach of privacy They can also steal confidential and sensitive information that is critical to the functioning of your business.
- They can start selling illegal or banned products. Without you knowing it, your site may start displaying ads for drugs and adult content.
- In some cases, hackers use websites to promote their own political or religious propaganda. They do this by defacing your website and replacing it with their own messages.
- They can get a hold of your email list and send spam and fraudulent emails with illegal content to your customers or visitors.
- Hackers can redirect your visitors to their own websites. This will reduce your website traffic and negatively impact your SEO and rankings.
Now if you’re thinking, these things happen to big websites. Why would they bother hacking a small site of mine? Hackers aren’t biased as they can use a site of any size to run their hacks.
Apart from getting suspended by your web hosting company, another consequences you could face is getting blacklisted and taken offline by Google. The longer you are hacked, the more you stand to lose. Your SEO rankings will drop, your customers will move to competitors and revenue will plummet. Furthermore, you could also face suspension by your ad or affiliate partners.
Now that you know how and why your website was hacked, we can proceed to detect and remove the WordPress malware.
How to scan and clean a hacked WordPress site?
There are two main methods you can use to make your site hack-free:
Manually – This is done by checking the files and database of your WordPress website. To access the files, you need to use cPanel in your host dashboard or an FTP client like Filezilla. To access your database, you need phpMyAdmin.
Using a plugin – You can download and install a security plugin like MalCare that will automatically scan and clean your website.
Caution: Before you scan and clean your site, we advise you to take a WordPress backup of your website. In the event something goes wrong, this will ensure you don’t lose any of your website’s data. You an take a backup manually or using a WordPress backup plugin.
Scan and Clean a Hacked WordPress Site Manually
To be honest, the manual method is long and cumbersome. If you don’t have the technical know-how, it could take days to figure it out. The only advantage to this method is that it’s completely free! So, if you’d like to give the manual scan and clean a try, check out this guide on hacked WordPress websites.
Caution: The manual method is not 100% efficient. You need to check all the files and database of your WordPress site. It is extremely tough to detect and clean any malware and virus present as hackers cleverly disguise/hide their malicious code.
The most important thing to remember with the manual method is that after you find and delete malicious code, you may be malware-free but not hack-free. This means hackers entered your site through a vulnerability. If you only clean up the mess they’ve created but forget to close the entry point, then your site will probably be hacked again.
Further, once hackers access your site, they create backdoors that allow them to come and go when they please. If you are unable to locate this backdoor and fix it, you’ll see the malicious code reappearing no matter how many times you delete it.
While you think you’re website is clean, when you submit it to your host to remove the suspension, they will rescan your site. If they find malware again, they will not remove the suspension and you’ll have to start all over again.
Scan and Clean a Hacked WordPress site Using a Plugin
The longer your website is down, the more you stand to lose. Given that the manual method has so many hiccups, we recommend using a malware removal plugin. It’s a reasonable price to pay to get your site cleaned up and protected against future attacks too!
There are several WordPress security plugins available in the market, but we recommend MalCare.
- It’s so easy to use. Simply install the plugin and it will automatically scan your site.
- The malware scanner is like no other. It is able to detect suspicious code and then determine whether they are malicious or not by analysing their behaviour. This method makes it possible for the scanner to find disguised and well-hidden malware.
- Once done, you will be notified of how many hacked files were found.
- As for malware removal, you have to click on ‘Auto-clean’ and you’re done. It takes a few minutes to clean up all the infected files but your site will be malware-free in a few minutes.
- Next, from the dashboard, you can take care of the vulnerabilities present on your site.
– You can update your WordPress installation as well as all the plugins and themes you have present on your website.
– You can apply website hardening measures such as changing all the login credentials for all users of your site. And you can limit login attempts into WordPress admin, disable plugin installations and the file editor. This will make sure your website’s security is strong!
– With MalCare installed, your website has an active firewall that will block malicious IP addresses and bad bots from trying to access your website. Or check our quick guide on how to block IP with htaccess.
Tip: Keep your FTP credentials and WP-admin credentials ready in order to make the process faster.
Request your web host to review your WordPress Site
Once you’re hack-free using MalCare, you can take a screenshot of your site being clean like so:
Send an email with the screenshot attached to your web host requesting them to unsuspend your site. Once they scan your site on their own and see that it’s clean, you’ll have your WordPress Account back.
Web host suspended my WordPress account, but I got my site up and running in no time with the help of this step by step guide. You can too. 🚀 Click To Tweet
How to Delete WordPress Account if Suspended?
Now in case you’re unable to remove the web host suspension and want to delete your WordPress Account, it’s a bit tricky. Here’s what you can do:
If you are running your website on WordPress.com, the process to delete your suspended WordPress account is relatively simple. Login to your WordPress.com account and go to ‘Settings’. Here, you will see an option to ‘Delete my site permanently’. It’s that simple.
If you are hosting on WordPress.org, there is no option available right now to delete your account. You have to simply abandon it. You can, however, delete the contents of your website.
Delete your WordPress files
To delete your files, access cPanel of your web host dashboard and go to ‘File Manager’. Most web hosts provide access to cPanel, but in case you don’t have that option, you can connect to your website using FileZilla. You will need to download the software and enter your FTP credentials. If you are not sure how to do that follow our guide on how to use FTP.
Now the steps are the same for both. Navigate to ‘public_html’.
Here you will see folders such as wp-admin, wp-includes, and wp-content. Before you delete them all, we suggest backing up this data just in case you want it in the future. Ensure you download your wp-config file, we need this while deleting the database.
Now simply select all the files and folders and delete them.
Delete your WordPress database
To delete your database, you need to access it via phpMyAdmin. Either download the application or access it from cPanel of your host dashboard.
Now, you may be faced with a bunch of database names, it’s hard to tell which one is yours. You can find out the name of your database in the wp-config file, like so.
Now select the correct database, and it will populate all the tables on the right panel. Select all and delete it.
Delete your Domain
You can also delete your hosting account and domain name. We’ve used GoDaddy to illustrate how to do this.
Login to your account and navigate to ‘My product’ on your web host dashboard.
To delete your domain, you need to select it from your dashboard, and once your scroll down, you’ll see additional settings. Here, you’ll get an option to delete your domain.
Other options for Suspended WordPress Sites
If you can’t fix your account and don’t want to delete your WordPress website, there’s one more option. If you feel you’re stuck because your current hosting provider won’t unsuspend your account, you could consider switching to a different host. You can check our article on best WordPress hosting providers.
Once you’ve selected the host you’d be happy with, you can purchase a web hosting plan with them. Use a WordPress migration tool to then easily migrate your website. Your website, with the same domain name, will be up and running in no time and you can get back to business.
Conclusion: Prevent web host suspension
Having your WordPress website suspended once is traumatic enough. Imagine if it were to happen again! If you’ve cleaned up your website of any hacks and got the suspension removed, that’s great. But there are preventive measures you can take to ensure it never happens again.
It’s advsiable you select a WordPress security plugin that you can use to protect your WordPress site.
We recommend installing the BlogVault plugin for good reason. Though known for being a trusted backup solution, it also comes preloaded with security features powered by its sister security plugin – MalCare. This will enable you to preemptively block malicious traffic to your site. It will also regularly scan your site and alert you if there’s anything suspicious.
Apart from this, you can improve your WordPress security by implementing the website hardening measures that we spoke about earlier. It will make it much harder for hackers to break into your site.
When you have security measures in place, hackers will move on to sites that are easier to hack! You’ll never have to face consequences like being suspended by your web hosting provider.
We hope at the end of this, you’ve got your web host suspension removed, and you know what to do to make sure it doesn’t happen again!
Akshat is the Founder and CEO of BlogVault, MalCare, and WP Remote. These WordPress plugins, designed for complete website management, allows 100,000+ customers to build and manage high-performance websites with ease.