Fix “This Account Has Been Suspended” Message On Your Website
There is nothing as disconcerting as trying to visit or log into your website, only to see a notice saying ‘This account has been suspended. Contact your hosting provider for more information.’
“Your account has been suspended” means that the hosting provider has temporarily taken your site offline.
Web hosts suspend websites for different reasons like malware infection, spam content, payment failure, and other policy violations. The notice is deliberately obscure, without a clear indication of what has happened and how to fix it, because everyone who visits your site will also see this message.
We want to stress at this point that although all seems lost, it most certainly is not. The key is to act very fast here, especially if it is a hack that has prompted this action.
Don’t panic, we’re here to help. By the end of this article, you’ll know exactly how to fix the ‘this account has been suspended’ issue, and get your website live as fast as possible.
TL;DR: There are many reasons why web hosts suspend sites, but the most serious one is malware. The only real way to protect your website, your visitors, and your data is to install a malware removal plugin, like MalCare. MalCare has an integrated firewall and includes unlimited cleanups for your website.
What does “This account has been suspended” mean?
The “This account has been suspended” error means that your website has temporarily been taken offline by your hosting provider. Hosting providers can suspend websites for many reasons, like malware infection, excessive use of server resources, payment failures, and other policy violations.
When you, or anyone else for that matter, try to visit your website, you will see a message saying that your account has been suspended. Moreover, you generally won’t be able to log into your wp-admin or into your hosting provider account.
Or you could see your website redirected to the following URL: /cgi-sys/suspendedpage.cgi
If you are using a reputable hosting provider, they will usually send an email explaining why they have suspended your account, and what measures you should take to resolve the issue. For instance, if they detected malware on your website, they may whitelist IPs so that you can resolve the issue.
Effectively, your website is offline. Again, depending on your host, it could be in imminent danger of being deleted. Bluehost, for example, is very trigger-happy on this front. Siteground usually quarantines your website, so that you have a chance to clean it.
Why did your web host suspend your site?
There are a few reasons why web hosts suspend websites. The most common reasons are:
- They detected malware on the website. Malware is dangerous for the website, the host and the visitors, so web hosts are quick to act if their scanners detect the following things on your website:
- Your website could be using excessive server resources. Hosting packages, especially shared hosting ones, usually come with limits for server and CPU resources. If your website gets a lot of traffic, or is dynamic in nature, it could be going over the limit. If the traffic is not reflected in your analytics, this could be a sign of a brute force attack as well. To stop bad bot traffic affecting your website, you should install a firewall.
- Another very common reason for web host account suspension is unpaid invoices. Check your email, because they often send a lot of notices if there are dues to be settled.
Before we get into dealing with suspension itself in the next section, we want to assure you that you are not alone. We have seen lots of panicked emails from website admins because one minute their website worked just fine, and the next minute their account was suspended.
The situation is entirely fixable if you act fast.
How to fix the ‘This account has been suspended’ issue?
Before we get into dealing with the issue itself, we need to identify the cause of the suspension. As we discussed, this should be clear through the email that they share with you.
But if you haven’t received an email, or it isn’t very clear, you can always contact your web host for details. Depending on the cause of suspension, you can follow the procedure mentioned below to fix the suspension issue.
Remove malware from my suspended website
Of all the reasons a web host may suspend an account, malware is the trickiest to resolve, because web hosts can delete the account and all its websites without warning if the situation is not resolved quickly. If your web host has detected malware (the favicon virus, for example) on your website, this is the most critical problem to solve.
There are a few ways to clean malware from your website, depending on whether or not you can regain access to it. We have ordered this list on the basis of cost-effectiveness as well.
- Use a security plugin like MalCare to clean your website
- Hire expert cleaning services
- Manually clean your website yourself
1. Clean your website with a security plugin [RECOMMENDED]
Websites are significantly easier to clean if they are up and running. It will let you run a specialized security plugin like MalCare. The trouble with hacked WordPress sites being suspended is that you cannot access your dashboard to install a security plugin.
Certain web hosts, like Siteground, will let you whitelist IP addresses to allow certain verified users to access the site while it is suspended. This can be used as a workaround too. To clean your website of malware, follow these steps:
- Contact MalCare support for a list of IPs to whitelist for cleaning
- Email your web host to whitelist your IP and the MalCare IPs
- Install the plugin, and make sure the site syncs from the dashboard
- The plugin will scan your website and find all the malware
- Click auto-clean to remove the malware
- Request your web host to rerun their scan and share the results
On the off chance that the web host still finds malware on your website, share the results with the MalCare team, and they’ll take care of it for you. With each MalCare pro subscription, you get unlimited cleanups.
Why do we recommend MalCare?
MalCare is the best-in-class security plugin, which uses intelligent detection techniques to find and remove malware. This is in stark contrast to the file-matching algorithms used by other WordPress security plugins.
In addition, MalCare has some standout features:
- Surgically removes only malware from your website, leaving your data and website completely intact and pristine
- Flags underlying vulnerabilities and backdoors, so that the reason your website got hacked in the first place is also addressed, and thus prevents reinfection
- Has an integrated firewall which repels bad IPs before they even hit your website, as well as bad bots from scraping your website or attempting to hack your website
MalCare protects over 200,000 websites daily from attacks. It includes daily scans, which alert you to any hack attempts or malware on your website instantly. Additionally, if you need further assistance, MalCare’s support team is available 24/7 to help customers solve their security issues.
Why do we recommend this method?
Without access to the site, malware removal will be a tedious manual process, often becoming much more expensive. Therefore, our goal is to try and get the site up and running even if temporarily. If the web host does not restore the site, then you will be forced to use FTP to clean up your site.
2. Hire a WordPress security expert to clean your website
If you were not able to get your web host to whitelist IP addresses for cleaning, then this is your next best option. Use expert services like MalCare Concierge or Sucuri to clean up your site.
An expert cleaning service will use FTP to access your website files, and clean the malware manually. This is a time-consuming, tedious process, because FTP can work very slowly, and manually checking each file and database table is a thankless task. For these reasons, this is an expensive proposition.
The steps to get your website clean by an expert cleaning service are:
- Ask your web host to share the results of their security scans for clean up
- Share your FTP credentials with the clean up team, along with the scan results
- Wait for the security experts to manually remove hacked code and files
- Contact your web host to rescan your website, and request them to restore your website
On the upside, if you opt for MalCare Concierge, we include a year’s subscription for the plugin as well, for when your website is back live. MalCare scans, cleans and protects your website from all manner of threats, all in one security plugin.
3. Manually clean your website
You may be wondering why manually cleaning your website falls at the bottom of the list, considering we ordered it for cost-effectiveness.
We have seen far too many botched attempts at cleaning, that’s why. After struggling with malware removal, reinfections and broken websites, we get emails from frazzled admins at their wits’ ends. By that point, not only has the malware gotten worse, but the site is also in shambles, and there are a whole bunch of other problems.
Finally, it winds up costing the admin more than what it would have if they had gone with an expert cleaning service—which is pricey in its own right.
If you choose to remove the malware manually yourself, here are the steps to do so:
a. Get a list of the hacked files from your web host. This is a good starting point, and can help you at least get your site up and running once again.
b. Take a backup of your website. This is a non-negotiable part of this process. If things go awry, a hacked website is better than no website at all. Plus, if your web host decides to delete your website, you can at least recover it using a backup.
c. Look for the malware in the files indicated by your web host. Cleaning this is a good start, but it is entirely possible that malware is also present elsewhere, but your web host’s scanner wasn’t able to detect it.
At this point, you should be able to get your web host to restore your website. At least you can then install and use a security plugin to scan your website more thoroughly to find all the instances of malware.
d. Reinstall WordPress, all your plugins and themes. Make sure to download them from the repository, and that the versions match what was originally on your website.
We have a detailed breakdown of manual cleaning in this article. However, malware can vary greatly on multiple counts: how it manifests, what it does, where the hacks appear, how the hack was achieved, and much more. It is impossible to account for all these variations.
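Steps c and d can be checked on a local copy of the backup by comparing it, file by file, with freshly downloaded copies of the same WordPress, plugin and theme versions. The Python below is an added example, not MalCare's or any web host's tooling; the function names and the demo file tree are constructed for illustration.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

PHP_SUFFIXES = {".php", ".phtml", ".php5", ".php7", ".phar"}


def sha256_of(path):
    """Hash a file in chunks so large media files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def index_tree(root):
    """Map each regular file's relative POSIX path to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in root.rglob("*")
        if p.is_file() and not p.is_symlink()
    }


def compare_to_reference(backup_root, reference_root):
    """Compare a site backup against a clean tree of the same versions.
    modified:  present in both trees, but the content differs
    extra_php: PHP in the backup with no counterpart in the reference
               (wp-config.php always lands here; read it by hand)
    missing:   shipped by the reference, absent from the backup
    """
    backup = index_tree(backup_root)
    reference = index_tree(reference_root)
    return {
        "modified": sorted(
            p for p in backup if p in reference and backup[p] != reference[p]
        ),
        "extra_php": sorted(
            p for p in backup
            if p not in reference and Path(p).suffix.lower() in PHP_SUFFIXES
        ),
        "missing": sorted(p for p in reference if p not in backup),
    }


def build_demo_trees(base):
    """Constructed sample data: a clean reference and a tampered backup."""
    files = {
        "reference/wp-login.php": "<?php // login\n",
        "reference/wp-includes/load.php": "<?php // core\n",
        "reference/wp-admin/index.php": "<?php // admin\n",
        "backup/wp-login.php": "<?php // login\n// appended line\n",
        "backup/wp-includes/load.php": "<?php // core\n",
        "backup/wp-config.php": "<?php // site settings\n",
        "backup/wp-content/uploads/2024/logo.png": "placeholder image bytes",
        "backup/wp-content/uploads/2024/cache.php": "<?php // not shipped\n",
    }
    for rel, body in files.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return Path(base) / "backup", Path(base) / "reference"


if __name__ == "__main__":
    # With two arguments, compare real directories; otherwise run the demo.
    with tempfile.TemporaryDirectory() as tmp:
        roots = sys.argv[1:3] if len(sys.argv) == 3 else build_demo_trees(tmp)
        for category, paths in compare_to_reference(*roots).items():
            print(f"{category}: {paths}")
```

Anything listed under modified or extra_php is a lead to read by hand, not a verdict, and a clean result does not cover the database.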
Next steps after getting rid of malware from your website
The malware is gone, but there is still the issue of how it got hacked in the first place. This is usually because of vulnerabilities, backdoors or compromised user passwords. These steps will help you close out the cleaning process, by plugging the gaps.
- Clear all caches (WordPress + browser): Caches are great for improving website performance. However, they do that by storing old versions of your website. If your website has just been cleaned, you want to clear out the cache so that the latest version of your website is shown to visitors.
- Change passwords of everything: User accounts, database, FTP, hosting account, and everything in between. In fact, we would go a step further and review all user accounts as well. Remove any unused ones, and require the active ones to have strong, unique passwords.
- Update everything: Once you regain access to your website, update WordPress, plugins and themes at the earliest opportunity. Vulnerabilities are often discovered and then patched in updates.
- Remove nulled software: Nulled themes and plugins are just a no-no. They invariably come with malware or backdoors, and if you use them, it is almost certain that the hack came from there.
Also consider removing any extra, unused plugins and themes from your website. We have also witnessed forgotten WordPress installations on the website, which have been the cause of infection. This is because it doesn’t get updated or reviewed as often as the primary site. If possible, get rid of these as well.
What to do if your website is using excessive server resources?
Your website likely exists on your web host’s server with hundreds, if not thousands, of other websites. Resources, like processing power, memory, and storage, are shared by all the websites that exist on that server. To make sure that all the websites hosted on a shared hosting plan get a fair amount of server resources, web hosts set a cap on those resources for each account.
Usually, a web host will alert you if you are reaching or exceeding the resource limit before suspending your account. So if you have received emails about reaching the resource limits, it is a good time to start analyzing your hosting usage. Some of the questions you should ask are:
- What is causing my site to consume so many resources?
- Is this a sudden spike, or has the increase been gradual?
- Does my analytics tally with the increase in resources?
Bad bots and malware
If the increase is sudden, then you may be experiencing bot traffic. Bad bots are a menace, scraping data from websites, trying to hack them by brute force attacks or by creating spam. There are of course good bots, like Googlebot, but they do not overwhelm server resources.
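To check whether a sudden spike comes from clients hammering the login endpoints rather than from real visitors, the server's access log can be summarised per client. The Python below is an added example, not part of the original article; it assumes the common Apache/Nginx combined log format, and the sample lines and the threshold of 10 posts per minute are constructed values.

```python
import re
from collections import Counter

# Apache/Nginx "combined" log format; only the fields used below are captured.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# WordPress endpoints that accept credentials.
AUTH_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")


def build_sample_log():
    """Constructed lines (documentation IP ranges), not from a real site."""
    fmt = ('{ip} - - [10/Mar/2024:10:{mm:02d}:{ss:02d} +0000] '
           '"{req} HTTP/1.1" {st} 512 "-" "{ua}"')
    lines = [
        fmt.format(ip="198.51.100.7", mm=0, ss=1, req="GET /", st=200, ua="Mozilla/5.0"),
        fmt.format(ip="198.51.100.7", mm=0, ss=9, req="POST /wp-login.php", st=302,
                   ua="Mozilla/5.0"),
        "truncated line that does not parse",
    ]
    # One client posting to the login form 30 times inside a single minute.
    lines += [
        fmt.format(ip="203.0.113.50", mm=1, ss=s, req="POST /wp-login.php", st=200,
                   ua="curl/8.0")
        for s in range(30)
    ]
    # A slower client: 8 XML-RPC posts in each of two consecutive minutes.
    lines += [
        fmt.format(ip="192.0.2.44", mm=m, ss=s * 5, req="POST /xmlrpc.php?x=1", st=200,
                   ua="-")
        for m in (2, 3) for s in range(8)
    ]
    return lines


def auth_post_rates(lines):
    """Return ({ip: peak auth POSTs in any one minute}, parsed, skipped)."""
    per_minute = Counter()
    parsed = skipped = 0
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            skipped += 1  # keep count so a wrong log format is noticed
            continue
        parsed += 1
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path in AUTH_ENDPOINTS:
            minute = m["ts"][:17]  # e.g. "10/Mar/2024:10:01"
            per_minute[(m["ip"], minute)] += 1
    peaks = {}
    for (ip, _minute), count in per_minute.items():
        peaks[ip] = max(peaks.get(ip, 0), count)
    return peaks, parsed, skipped


def flag_clients(lines, threshold=10):
    """List clients whose peak per-minute auth POST count reaches threshold."""
    peaks, parsed, skipped = auth_post_rates(lines)
    flagged = sorted(
        ((ip, peak) for ip, peak in peaks.items() if peak >= threshold),
        key=lambda item: (-item[1], item[0]),
    )
    return {"parsed": parsed, "skipped": skipped, "flagged": flagged}


if __name__ == "__main__":
    report = flag_clients(build_sample_log())
    print(f"parsed={report['parsed']} skipped={report['skipped']}")
    for ip, peak in report["flagged"]:
        print(f"{ip}: up to {peak} login/XML-RPC POSTs in one minute")
```

Flagged addresses are candidates for blocking or rate limiting at the firewall; a high skipped count means the log is not in the assumed format.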
Malware can cause sites to get overloaded and use up excessive resources. We have listed malware as a separate reason why the web host suspended your account, but it is possible that the malware went undetected by the web hosts altogether. Almost every web host we have seen uses basic malware scanners, so there are several types of malware that get missed.
Poorly coded plugins and themes
There is most likely an errant plugin or theme which is using excessive resources. Unfortunately, this is extremely hard to debug, because while some hosts like Cloudways will show you resource usage, most web hosts don’t have such granular data.
You can try deactivating the plugins and themes one at a time to see which one is causing the excessive consumption, but it is an ineffective and time-consuming process. You may need to involve an expert developer at this point of time.
A quick fix, if you have backups, is to migrate to another hosting provider with better resource plans. This will get your website up and running quickly, and you can debug at your leisure.
Set up a cache to reduce the number of requests
Caching can help solve the problem associated with the load. Browser caches, for instance, store a version of your website locally, so the browser doesn’t have to download the data again to display your website.
Similarly, CDNs store content in proxy servers around the world, so when a user requests content, it doesn’t have to go all the way to the server to load.
Caching is actually a way to speed up website load times and to better user experience, but it can reduce the number of server requests considerably as well.
Consider upgrades carefully
It may be tempting to upgrade and solve the problem; however, it can be a superficial fix. Often, there is an underlying problem, and moving to a higher plan will not fix these issues. To prevent bot traffic, you need to have a firewall for your website.
How to deal with payment issues and policy violations?
In our opinion, these issues are easily dealt with, so we have clubbed them together. The resolution is mainly to contact the web host and work with them till your site is back up and running.
Web hosts have your credit card information on file, and will charge it automatically at the time of renewal. These transactions can fail for multiple reasons like insufficient funds, expired cards, or fraud prevention. You will then get an email saying that the transaction has failed, and to please update your payment information. In fact, most of them will send reminders several times a month before the due date via email as well, if you are on a yearly subscription plan.
This is the most common reason web hosts suspend your website, and show you the “This account has been suspended” message. The fix is simple enough. Just make your payment and the site will be up and running in no time. We also recommend switching to an annual subscription, to avoid suspension hassles and missing reminders.
Other policy violations
Alright, we can all acknowledge we rarely read the fine print. We assume that what we want to do is probably permitted under the policies, but that is not always the case. And now, unfortunately, we have to refer to the policy documents.
Having said that, most of the policy violations we have seen stem from the content on your website. Which makes sense, seeing as that is what you are adding to your website. Hosting providers draft wide-ranging policies on the kind of content you can publish on your website.
Suspensions are triggered by circumstances such as copyright violations, spam generation, unsolicited emails, unauthorized admin use, and storing illegal material on the server.
Some web hosts also enforce policies around political content and the sales of dubious pharmaceutical products. One of the emails we received was from an erstwhile pharmacy website, and the web host objected to the products on sale because they are highly regulated. The site was suspended, the account was then deleted, and the admin was refunded their money.
Sometimes, that’s just how things play out.
How to remove account suspended warning by submitting a review request?
To get your web host to unsuspend your account, you have to address the issue that caused the suspension. Then you email them with a request to review the suspension reasons.
Make sure that your review request is precise, relevant, and describes the steps you have taken to address the suspension.
For brownie points, you may also update your themes and plugins, and download a security plugin. This will show your web host how serious you are about website security.
Why does your web host care if there is malware on your website?
This is a good question, because it does feel like you are the one losing your website, right? In actuality, though, hacked websites affect all website stakeholders negatively: you as the admin and your website’s visitors, but also the hosting company and Google.
Hacked WordPress websites can dupe people into sharing their credentials and passwords, sometimes even credit card numbers. Some malware uses your website to infect other websites, and thus perpetuates the cycle. In short, everyone except the hacker loses because of malware.
Apart from these broad issues with malware, web hosts have a lot to lose if there are hacked websites on their servers. For instance:
- Hacked websites consume a ton more resources than they normally should for many reasons, like bad bot traffic or brute force attacks. This degrades the performance of other customer websites on the same server, if you happen to be on shared hosting.
- ISPs penalise them heavily for malware detected on their servers
- Cloud providers and data centres will give them warnings about the malware
- It is a security risk for other customer websites, even if they have barriers between websites that protect them. It is not a risk worth taking, even if the chances are infinitesimal.
- Their IPs get blacklisted, because other firewalls detect malware as originating from their servers. On top of that, your website can be used to infect other websites.
Overall, a web host’s brand and revenue are at stake when they are hosting a hacked website. So web hosts have good reasons to be zealous about malware on websites.
How to prevent malware from infecting your website again?
Now that your website is live again, there are a few things you can do to keep your website safe.
- Install a security plugin
- Review user accounts and passwords frequently
- Keep updating everything
- Invest in good backups
- Harden WordPress
The biggest issue with malware removal is reinfection, and many admins find that they’ve spent a considerable amount on cleaning, only to discover that the whole nightmare plays out again in a few days or weeks.
What is the impact of web host account suspension?
As a result of your web host suspending your website, you must have observed several negative effects of your website being taken offline.
- Plummeting SEO
- Loss of visitors and revenue
- Damage to your brand
- Potential legal issues
- The cost of cleaning your website
These are just a few of the things that can happen when your website is hacked. None of them are pleasant, and everyone loses as a result. Except for the hacker, of course.
We have outlined the most common reasons why web hosts suspend sites, with concrete measures to take. That being said, your web host will be able to shine a light on why they suspended the account. They may or may not be helpful in resolving the issue, which is where we have stepped in.
We hope that this article was helpful in what is a terribly stressful situation. If you have any questions or require assistance with your website, please drop us an email. We are more than happy to help!
What does it mean when a website says ‘account suspended’?
When a website has received an “account suspended” notice, it means that the web host has taken your site down temporarily. They do it for a number of reasons like malware infection, excessive use of server resources, payment failure, and other policy violations.
In order to resolve the issue, you need to contact your web host for more information. Then take measures accordingly to resolve them.
How to access a suspended WordPress website?
You cannot access a suspended website. You have to contact your web host, learn the cause of suspension, and fix your site. When your web host removes the suspension, you can access your WordPress site.
There are many reasons why a web host may have suspended your website. If it is because your website was hacked, you need to ask them to whitelist IPs, so that you can clean the website.
Payment cleared but site still showing the “This account has been suspended.”
On certain occasions, even after you have cleared your payments, your site still shows the “account has been suspended” notice. If this happens, contact your web host. They will help you get your site up and running in no time.
What to do when my website appears blank after the suspension is removed?
If your site looks blank even after the suspension is removed, contact your web host. Don’t worry, this is probably a technical error. Your site should be up and running in no time.
How to clean a site suspended because of malware infection?
To clean malware infection from a suspended website, use a security plugin. To install the plugin, request your web host to whitelist your IP and that of the security plugin servers. Then install the plugin, and clean the malware. To use MalCare’s auto-clean feature to remove malware in minutes, contact the MalCare support team to know which IPs to get whitelisted.