Got your Bluehost account suspended? It must be a nightmare! Websites are often suspended because of the presence of malware. In most cases, website owners realize this all too late. But don’t worry. We’ll guide you through the process of cleaning your WordPress website and getting it unsuspended by your hosting company.
If you have malware and are looking to just clean the infection and fix the site, you can install our WordPress Malware Removal Plugin (MalCare). It’ll instantly clean your site. But to get your website unsuspended by the web host, you’ll need to come back and read the rest of the article.
Why Was Your Bluehost Account Suspended?
Bluehost runs a security check on all the websites that it powers. Regular checks help the hosting provider find websites that could be hacked and infected with malware. They scan the WordPress sites and once they are sure that a specific website has malware, Bluehost suspends the site. They inform the site owner about the suspension. We’ve got a sample of the email Bluehost typically sends to site owners whose account has been suspended or deactivated due to malware.
The suspension email may look daunting and users may feel lost about how to proceed. That’s natural. But Bluehost is only informing you that your account has been deactivated because of the presence of malware on your website and they are also laying down the steps you can take to clean it. In the next section, we’ll discuss how you can implement those steps.What to do when Bluehost account is suspended? Simply follow this step by step guide that’ll help you get your account unsuspended. Click To Tweet
How to Fix Bluehost Suspension?
When looking closely at the website suspension email one can make out that the email has two parts. In the first part, they speak of how to remove malware and in the second part is about further securing your website.
Let’s take a look at the first part of the email –
In the part of the mail, Bluehost informs you about two ways in which you can remove malware from your website.
- You can either restore a clean copy of your backup or
- You can refer to the document where they have listed down the malware files found on your website, and attempt to clean them
Both methods fall short in some way or the other and we’ve discussed them in the next section.
Restoring a Clean Backup
Assuming that you have been taking daily backups, it’s hard to learn which copy is malware-free. In this case, you can find out when your website was hacked which is difficult to achieve or you can test your backups and figure out which ones are clean. A malware-infected copy will show signs of being hacked. Note: Tools like BlogVault gives users an easy way to test backups before restoring them.
That said, restoring backups will not make your website hack-free. When you restore a backup, you are expecting infected files to be removed and replaced with clean files. But what about the new files left behind by hackers? After gaining access to a website, hackers generally leave a backdoor behind which enables them to access your site at will. Backdoors are not typically deleted when you restore a backup. Hence, restoration alone won’t make your website hack-free. See how to scan Backdoors of your hacked WordPress site.
Removing Malware Files on Your Own
In the email, Bluehost informs you that they’ve made a list of the malware that they’ve found on your website. It’s interesting to note that they didn’t attach the list with the email but instead, they uploaded it to your home directory (see the image below).
Generally, website owners don’t access the home directory because one wrong move in there could prove catastrophic for your website. But suppose you tread carefully, there’s still the question of how to remove the malware. You can manually remove malware but it’s a tedious process that takes a lot of time to implement. Moreover, if you are not an expert on malware, you won’t know what you are deleting. Removing the wrong files can cause your website to break.
In the suspension email Bluehost says, “We cannot guarantee it is a complete list, and it may contain false positives — meaning files that look malicious but aren’t.” It means some of the files they’ve marked as malicious could very well be clean. The files could be an important part of your website and deleting it could cause your website to crash.
Given the struggles involved with restoring a backup or removing the malware on your own, it’s much safer to use a security plugin.
Clean Malware with a Security Plugin
While there are plenty of security plugins to choose from, one must pick carefully. Most of the security plugins perform surface level scanning which means they look into places where malware is generally present. It’s an old-school technique. Unfortunately, these days malware can be hidden anywhere on the website. Not just that, many security plugins only look for known malware which means they miss identifying new ones.
- But a deep scanner like MalCare finds new malware because it checks the behavior and pattern of codes. It helps determine if the code is a malicious code or a clean one.
- The security plugin also keeps a track of all your files and folders and not just the known locations. In this way, MalCare’s WordPress malware scanner goes above and beyond looking for hidden malware on your website.
To scan your website with MalCare, install and activate the security plugin. Then add your site to the MalCare dashboard. The plugin will start scanning your site immediately. It’ll detect malware which you can remove by cleaning your website with the same plugin.
Generally, security plugins send security personnel to enter your website and remove the malware. This is a time-consuming process and the typical turnaround time ranges between a few hours to even a few days. If you want to clean your website faster, try MalCare’s WordPress malware removal. You can initiate the removal process yourself by selecting Auto Clean (as shown in the above image). Within a few minutes, your website will be clean and malware-free.Given the struggles involved with restoring a backup or removing the malware on your own, it’s much safer to use a security plugin. 🚀 Click To Tweet
Coming back to the Bluehost suspension email, we mentioned it has two parts:
- In the first part, it speaks of removing malware which we’ve covered.
- In the second part, Bluehost is urging to take security measures.
Security Measures You Need to Take
Let’s take a look at the security measures Bluehost recommends and we’ll show you how you can implement them.
* Remove unfamiliar or unused files, and repair files that have been modified.
Unfamiliar or unknown files could be a part of the hack. If you’d used MalCare to clean your site, then the plugin must have removed unfamiliar files that contain malware. As for repairing files, MalCare removes malware and repairs files of your website which were modified by the hackers.
* Update all scripts, programs, plugins, and themes to the latest version.
Quite often, hackers utilize vulnerable plugins and themes to gain access to your website. Updating them will ensure no one can exploit such vulnerabilities. The same applies to scripts and programs on your website.
* Research the scripts, programs, plugins, and themes you are using and remove any with known, unresolved security vulnerabilities.
You can update your plugins, themes, scripts, and programs only when there’s an update available. Remove the ones that are not offering any updates. Some of the WordPress themes and plugins could be essential to the proper functioning of your website. In that case, use an alternative.
There are a few more precautionary measures that Bluehost suggests taking like changing the password of your WordPress hosting account and your FTP account, updating file permission, securing your PHP configuration and using a good antivirus program on your computer (recommended read – Can PC Antivirus Identify a Hacked Website?).
If you find all this overwhelming, then let MalCare secure your website by applying WordPress hardening measures.
Ask Bluehost to Review Your Site & Unsuspend It
When you are ready, contact your hosting provider. Send an email to Bluehost informing them that your website is malware-free. You can send a reply in the same thread (the one in which they informed you that your website is suspended). Or you can get on a live chat to ask them to review and unsuspend your website.
Tip: Generally, they ask for the last four digits of the password of your hosting account. Keep that handy.
How to Prevent Your Bluehost Account From Being Suspended in the Future?
Getting suspended once is painful enough. Getting suspended a second time around is a nightmare that you don’t want to experience. To secure the future of your website, we’d suggest you take the following security measures:
Keep Your Website Up-to-date
Receiving a ton of updates every week from plugins and themes and the core of your website can get a bit annoying. But it’s not a good idea to skip them. WordPress updates help improve performance, add new features, and most importantly fix security issues. When you skip updates, vulnerabilities remain unfixed which enables hacker access into your website. Soon enough your website becomes infected with malware and your web host provider finds out an suspends your website. Always keep your website updated.
Use Strong Login Credentials
The admin login page is the most vulnerable page of your website. See our guide to learn how to protect WordPress admin login page. Hackers try to guess your login credentials to enter your site. Having an easy-to-guess credential (like admin & password123) makes it much easier for them to gain access to your site. Ensure that you are using strong login credentials (recommended read – how to create a strong password).
Use a Security Plugin
With a good WordPress security plugin in place, your website will be protected from hackers, bots and the rest. Given the number of security plugins available out there, choosing a good one can prove to be quite a task. We compared the best WordPress security plugins which can help you make the right decision.
Getting your website unsuspended involves three major courses of action –
- Cleaning your hacked website
- Taking preventive measures
- And informing your web hosts about the steps you’ve taken
Removal of malware ensures that your website is no longer a threat to your web host server and prevention measures assure them that your site won’t be a threat in the future. To save your site from future hack attempts, the best practice that security experts recommend is to install a security plugin.
Don’t get the Blues!
Secure your site with MalCare now.