Many web hosts unfortunately do a poor job of explaining what exactly you are in for, when you host your website on their servers.  When your web host suspends your website for malware presence, you are left with nowhere to go. Vultr hosting provider spells out its standard course of action in its Privacy Policy page.

vultr suspended website

IX. Security of Your Information.                    

We have implemented reasonable precautions to protect the information 
we collect from loss, misuse, and unauthorized access, disclosure, 
alteration, and destruction. For example, we take measures, including 
data encryption, to protect the transmission of sensitive end-user 
information. Nevertheless, we cannot guarantee that our security 
measures will prevent third-party “hackers” from illegally obtaining 
this information. We take reasonable measures to prevent such breaches
 of security, but given the resourcefulness of cyber-criminals we are 
unable to guarantee that our security is 100% breach-proof. You assume 
the risk of such breaches to the extent that they occur despite our 
reasonable security measures.

However, most customers are ignorant about these matters and will be turned off by restrictions. What this means is that, you cannot fall back on your web hosts, or expect them to handle the situation. Usually, web hosts suspend websites with no warning. This is to contain the infection from spreading, leaving their other clients hopefully unaffected. Now that they have taken care of the problem as much as they can, they will send you an email with the pointer to a problem areas on your website. These could be broad and varied, both of which will be frustrating for someone with limited technical knowledge. Here is a sample email they can send you:

"Instance powered off due to TOS violation.

We have powered down your cloud server due to outbound traffic patterns 
fitting the profile of a DoS-style attack. You may restore power any 
time via https://my.vultr.com to troubleshoot, repair, replace or 
destroy as necessary.

If you believe your instance has been compromised, we recommend a fresh 
instance reinstall. If you restore power and fail to address the activity 
in question in a timely manner and/or if the situation in question 
resumes/worsens, we will have no choice but to escalate our response, 
including but not limited to suspension or powering down of the instance, 
suspending the entire account or account closure for repeat ToS violations.

Thank you for your cooperation!"

Did you notice the subtle yet effective ultimatum? If you leave the issue as it is, or wait too long, Vultr will shut down your website before you have any say in the matter! You need to act, and you need to act fast.

Sadly, these kind of problems can happen at the worst possible moments. It may happen in between an advertising campaign where you are losing more and more money down the drain for every click your visitors give you. How is that possible, you ask? Well, they are being redirected to a suspended web page warning, and will likely bounce off a 403 Error page. Take this for instance: You might be featured on a high-traffic website, which is a fantastic dream come true, right? Except now, you’re losing more than 50 visitors a day, and your brand’s reputation too.

So what do you do if you are already suspended by Vultr and need to find a quick solution?

Remember you won’t be able to access your WordPress website, so you need to look elsewhere for a quick fix.

Here’s a checklist of items you need to finish, before you can contact Vultr and let them know that you are completely safe to get back online.

☐ Check irregularities in users or website resources

☐ Check if Google has blacklisted your website

☐ Alert subscribers and/or team members

☐ Scan website for malware

☐ Clean website to remove all malware

☐ Re-scan to check that no backdoor exists on the website

☐ Update plugins and themes

☐ Update WordPress Core

☐ Backup website files

☐ Backup website tables

☐ Install a Web Application Firewall

☐ Block Harmful IPs

☐ Review requests to your website

☐ Review access control on your web host, WordPress installation, and server

☐ Limit the number of failed login attempts

☐ Add CAPTCHA Protection

☐ Add Two Factor Authentication

☐ Disable editing of plugins or theme files

☐ Change Security Keys (SALTs)

☐ Secure .htaccess file

☐ Prevent execution of PHP scripts in WP-Content/Uploads directory

☐ Disable file editing on WordPress dashboard

☐ Audit possible attacks

This list contains the most important measures required to immediately get malware out of your website. You can contact Vultr now and tell them everything you have done to take care of your website. In fact, you can show them this particular list itself.

The following security measures add to your website security and offer additional layered approach to website security as a whole.

Advanced Measures

 

☐ Delete all unnecessary plugins or plugins that could cause high resource usage

☐ Install plugins and themes and plugins only from known and trusted sources henceforth

☐ Secure and ensure your local computer, browser, and routers are up-to-date, free of any spyware, malware, and virus infections

☐ Make sure you use SFTP connection whenever connecting to your server

☐ Review file permissions and make them restrictive, depending on the performance and availability of your site

☐ Include server-side password protection to prevent normal site visitors from accessing /wp-admin/admin-ajax.php.

☐ Use mod_rewrite in the .htaccess file to protect WP-Includes folder☐ Protect WP-Config.php to prevent hackers from accessing it

☐ Monitor Up-time and Availability

☐ Delete unnecessary post revisions

☐ Optimize databases

☐ Switch website to secure HTTPS

☐  Research more about WordPress Security to find what suits you and your website best

 

Does this look like a huge list to actually get down to business and do? That’s okay, because there is a truly quick fix for that. WordPress security plugin MalCare can handle about 90% of the above mentioned steps and do them all for you, within the shortest amount of time.

The fact that your host has suspended you doesn’t make them a bad host. If they don’t practice this they will endanger websites of their customers, including yours. Having said that, it is ultimately up to you to manage your website the right way, to reap the benefits of your hard work.