Has this happened to you? Your web host, Bluehost suspends your site, and Google blacklisted your website at the same time. Is it a coincidence?!

Take it from people who have gone through these terrifying experiences. It is not.

For a detailed step-by-step guide on removing the Google Blacklist Warning on your website, follow the steps mentioned in  MalCare Google Blacklist Warning Removal Guide.

web host Google blacklisted website

Now let us dive in and find out the details of web host suspension, and what to do when Bluehost suspends your site, specifically.

Web Host Suspension

When your web host suspends your site, anyone who opens your site will see a blank page, with the words “This account has been suspended. Contact your hosting provider for more information.”

As many of you might know, your website is located on your hosting provider. Depending on the type of hosting you have signed up for, the cause of suspension can be determined.

Type of Bluehost Hosting

Bluehost provides 3 types of hosting:

Shared Hosting

This is the favored choice for many beginners since it is economical but it comes with some major pitfalls. If even one website on the shared hosting server gets hacked, there is a high risk that all the other websites on the same network will also get hacked since the hacker can access the network.

Virtual Private Server Hosting

This hosting uses SSD storage. VPS Hosting is marginally more secure only because it is kept separate from other websites. You have the option to make the use of additional security measures. We say it is marginally better, because you do not share the Operating System with any other users. This protects your website files to an extent.

Dedicated Hosting

If you are looking for ultimate control over your website performance and security, your first option would be Dedicated Hosting. This is the hosting for websites with high incoming traffic.


This is not to say one provides better security than the other. Those who think that their websites are immune to hacking, either because they think they’re too small to be discovered or they’re lulled into believing secure passwords are all one needs: Here’s a quick reality check to remind you many people are trying to break into your website for one reason or another.

The reality check is in the form of a Warning Alert from your web host.

Bluehost Suspension Warning

Here is a sample email from BlueHost that you would have received when you got suspended.


Your DOMAIN account has been deactivated due to the detection of malware. 
The infected files need to be cleaned or replaced with clean copies from 
your backups before your account can be reactivated.

We created the malware.txt document in your home directory that contains 
a list of possibly malicious files for you to inspect. We cannot 
guarantee it is a complete list, and it may contain false positives — 
meaning files that look malicious but aren’t.

To thoroughly secure your account, please review the following:

* Remove unfamiliar or unused files, and repair files that have been 

* Update all scripts, programs, plugins, and themes to the latest version.

* Research the scripts, programs, plugins, and themes you are using and 
remove any with known, unresolved security vulnerabilities.

* Update the passwords for your hosting login, FTP accounts, and all 
scripts/programs you are using. If you need assistance creating secure 
passwords, please refer to this knowledge base article: 

* Remove unused FTP accounts and all cron jobs.

* Secure the PHP configuration settings in your php.ini file.

* Update the file permissions of your files and folders to prevent 
unauthorized changes.

* Secure your home computer by using an up-to-date anti-virus program. 
If you’re already using one, try another program that scans for 
different issues.

Please remove all malware and thoroughly secure your account before 
contacting the Terms of Service Department to reactivate your account.

You may be asked to find a new hosting provider if your account is 
deactivated three times within a 60-day period.

Thank you,

Bluehost Terms of Service Compliance


For support, go to http://my.bluehost.com/cgi/help

One particular section seems especially scary, doesn’t it? And we are not even talking about “You may be asked to find a new hosting provider if your account is deactivated three times within a 60-day period.”

We are talking about the list of tasks to carry out, before you get the green signal from Bluehost. Now many of these terms might even look very technical, and they are! If you are familiar with your website scripts, identifying known malware, modifying your scripts accordingly, this might be a fair game, even if a VERY risky one. But it means going through every single file and table in your website to remove the infected ones. If, by mistake you remove an important part of your own website, you’re surely in hot water!

Let us see what we can do instead.

The Complete Beginner’s Guide to BlueHost Unsuspending your Website

Everything listed out in the email above can be categorized in 5 main steps:

How to Unsuspend my website?

Step 1: Contact Web Host

Step 2: Scan and Clean Website

Step 3: Secure your site

Step 4: Rescan your site

Step 5: Contact Web Host

Contact Web Host

Ask Bluehost for details regarding the suspension. Find out if they have found any specific files that have been infected.

Scan and Clean Website

You can either try to identify the malware from Bluehost’s list on your own (Risky!) or go for the more expensive option of hiring a security specialist to do the job. Note that, just as Bluehost says, the list might not be a complete or exhaustive list of all the malware on your site.

Secure your site

Harden your site, including the back end for maximum protection against hackers. Using security keys, disabling your file editor, handling plugin and theme installations all require special focus. Unless you are using MalCare, which offers One-Click Flexible Site Hardening features. MalCare can also help you with the rest of the list mentioned in Bluehost’s email to you, with just one-click.

Re-scan your site

Checking that your site is truly completely free from malware can help you avoid embarrassing situation of getting suspended again. Backdoor is a type of malware that keeps reintroducing new malware into the website. Besides, it never hurts to check twice!

Contact Web Host

No it is not back to square one for you. You need to notify Bluehost that you have made the necessary changes for them to unsuspend your site.


Check if you have followed all the security guidelines mentioned in Bluehost Security Checklist.

Depending on their responsiveness your site will be back online in the next fifteen minutes to half an hour.


Now that you know the hard work that goes into unsuspending your site, you can do your best to prevent such a situation from happening ever again. We have put in immense research and effort into MalCare, our WordPress Security Service and have come up with Early Detection technology. It detects malware in your website by tracking files with 100+ signals, and what’s even better – a One-Click Malware Removal feature. MalCare takes care of your website’s Complete Security for you.


Try MalCare for better peace of mind.