9 Simple Steps To An "Un-Suspended" Pantheon Website

What’s worse than the “White Screen of Death”? This.

Website not responding
“The web page you were looking for could not be delivered.”

A common reason for web host suspending your site is overdue payment. You just have to pay what you owe to the web host and you’ll get your site back. An equally common but less easy to handle reason for your site suspension is a hacked website.

Yes, your website could be infected. Pantheon itself is protecting its server integrity – at the expense of your peace of mind. If your website is hosted on shared hosting environment, multiple websites would be infected thanks to your website. Allowing such a site to remain online is not an option for web hosts then. When web hosts find your website is infected beyond repair, they will turn it off first, and notify you later. You don’t want that.

This is unsettling for many reasons, least of which is that the web host you counted on, has pulled the rug from under you. Let us help you put your mind to ease. There are some steps for you to perform straight away to get your website reinstated. Take a look below to get both your hosting account and your website back.

First, let us find out what Pantheon says about a hacked website. This is what is mentioned in their Terms and Conditions.

4.9 Security Incidents. If it becomes aware of a confirmed Security Incident,
Pantheon shall inform Subscriber without undue delay and shall provide reasonable information and cooperation to Subscriber so that Subscriber can fulfill any data breach reporting obligations it may have under (and in accordance with the timescales required by) Applicable Data Protection Law. Pantheon shall further take such any reasonably necessary measures and actions to remedy or mitigate the effects of the Security Incident and shall keep Subscriber informed of all material developments in connection with the Security Incident.

You can find more details here.

TL;DR?

Infected Website = Suspended Website

So what can you do?

Step 1: Contact support

Provide the full website URL and your circumstances. Find out which of your website files they have found to be infected. Check if they have your data backups. If they do, you can restore your backups or even find out when you got infected.

Here is a sample email you can send them –

Hello Pantheon,
You have suspended my site, as indicated by the message on my website.
My website details are as follows:
(Fill in with your website URL, your Pantheon account, type of hosting account, security reinforcements, if any, etc.)
Please provide further details on the malicious content on my website so that I can fix it immediately. Do you have backups for my website?

Step 2: Assess Extent of Damage

While you are waiting for or communicating with Pantheon you can assess the damage in front of you. Are your visitors complaining about any illegal ads on your website before it was taken down? Have you lost any content or access to WP-Admin? This can help you learn more about the nature of the attack that you are facing. It will also help you handle your post-hack measures better, in the future.

For example, if you find out that there is an unknown user accessing your website back end, you now know that you need to secure it much better, since it is one of the holes in your website’s security armor.

Step 3: Remove Google Blacklisting

If you have been blacklisted by Google, you need to follow a slightly different procedure to get your site back online, even after your web host “un-suspends” your website. Follow this guide for removing Google Blacklist Warning.

Step 4: Update your website.

Make your website up-to-date, including the WordPress Core, plugins and themes. It is always a good idea to run on the latest version of WordPress to keep security vulnerabilities at bay.

Until now you have been taking care of the preliminary requirements for getting your website back online. Now you will be getting into the specifics which might be more technical than some are comfortable with. You can ask for technical assistance, hire a security advisor or simply get a security plugin like MalCare to do the job for you.

Step 5: Backup and Refresh Account

If Pantheon is not able to provide you with the list of exact files that have malicious content in them, as well as your website backup you can try to use your backups to restore your website. If you are starting over, you need to install a fresh, malware-free, and new version of WordPress.

Downloading WordPress installation from https://wordpress.org/latest.zip
Unzip the downloaded file,
Upload them back to your hosting account
Now you can restore your backups here and start over.

Of course, all this is for naught if your backups also are infected. If you are not sure when you were hacked exactly, then there is the high risk of reinfection, and you will be back to square one. In that case, you must scan and clean you backups too.

Step 6: Scan your site for malware

Even if Pantheon lets you know the exact files in which malware has been found, it is always safer to scan your site on your own, to detect even the most complicated malware on your website that Pantheon may have missed. Catching little-known or really complex malware is, however, not possible for most malware scanners. They rely on signature matching. In such cases, malware detected is only the malware within the security plugin database.

To overcome this, MalCare Security Scanner tracks changes in all your website files and uses 100+ intelligent signals to catch all the malware on your site. Its intelligent self learning algorithms are derived from its comprehensive malware scanning experience across 240,000+ websites. In short, MalCare successfully detects complex malware that goes undetected in other popular plugins.

Step 7: Remove malware from your site

Now that you know each and every infection on your site, you will have to remove it ASAP. That way, you can get your site back online sooner. We know time is of essence in such situations, so can you afford to wait around for a security technician to help you replace the files exactly the way you want?

Security plugins tend to leave the final cleaning to their on-site personnel too. An alternative to this lengthy and time-intensive approach is a one-click instant malware remover like MalCare malware remover. Your website is cleaned before you say “What a Great Bargain!” You don’t need any technical knowledge, and won’t be wasting any time.

Step 8: Re-scan your site – Just in case

You need to make sure that your website is really ready to be back online. It wouldn’t do to get suspended by your website, again, just because you were not careful this close to the finish line. Or you can leave it to MalCare’s Automatic Daily Scanner to take care of this for you.

Step 9: Email Pantheon

Let Pantheon know that you have done the needful and you are ready to get your site back online. Tell them what you have done to remove the malware on your site. Promise them that you will take better care of your website security (for your own sake, if not just theirs) and that’s it. MalCare Reporting feature can assist you in this step. Your website should be back within the hour.