This Account Has Been Suspended: What Does It Mean & How to Fix It
by
7-layers of Security for Your WordPress Site
Your website needs the most comprehensive security to protect it from the constant attacks it faces everyday.
There is nothing as disconcerting as trying to visit or log into your website, only to see a notice saying ‘This account has been suspended. contact your hosting provider for more information.’
Your account has been suspended means that the hosting provider has temporarily taken your site offline. We want to stress at this point that although all seems lost, it most certainly is not.
Web hosts suspend websites for different reasons like hosting security, spam content, payment failure, and other policy violations. The notice is deliberately obscure, without a clear indication of what has happened and how to fix it because everyone who visits your site will also see this message.
Before doing anything else, scan your site for malware. This is the primary reason sites get suspended, and the one that you can and should resolve the fastest.
Don’t panic, we’re here to help. By the end of this article, you’ll know exactly how to fix the ‘this account has been suspended‘ issue, and get your website live as fast as possible.
TL;DR: There are many reasons why web hosts suspend sites, but the most serious one is malware. Scan your site immediately to figure out if that is the case. MalCare has an integrated firewall and includes unlimited cleanups for your website.
What does “This account has been suspended” means?
“This account has been suspended” error means that your website has temporarily been taken offline by your hosting provider. Hosting providers can suspend websites for many reasons, like malware infection, excessive use of server resources, payment failures, and other policy violations.
When you, or anyone else for that matter, try to visit your website, you will see a message saying that your account has been suspended. Moreover, you generally won’t be able to log into your wp-admin or into your hosting provider account.
Or you could see your website redirected to the following URL: /cgi-sys/suspendedpage.cgi
If you are using a reputable hosting provider, they will usually send an email explaining why they have suspended your account, and what measures you should take to resolve the issue. For instance, if they detected malware on your website, they may whitelist IPs so that you can resolve the issue.
Effectively, your website is offline. Again, depending on your host, it could be in imminent danger of being deleted. Bluehost, for example, is very trigger-happy on this front. Siteground usually quarantines your website, so that you have a chance to clean it.
Additional resources:
Why your web host suspended your site?
There are a few reasons why web hosts suspend websites. The most common reasons are:
Before we get into dealing with suspension itself in the next section, we want to assure you that you are not alone. We have seen lots of panicked emails from website admin because one minute their website worked just fine, and the next minute their account was suspended.
💡The situation is entirely fixable if you act fast. Scan your site for malware and you will be on the path to fixing the issue.
Step 1. Fix ‘This account has been suspended’ issue
Before we get into dealing with the issue itself, we need to identify the cause of the suspension. As we discussed, this should be clear through the email that they share with you.
But if you haven’t received an email, or it isn’t very clear, you can always contact your web host for details. Depending on the cause of suspension, you can follow the procedure mentioned below to fix the suspension issue.
Fix 1. Remove malware from the suspended website
Out of all the reasons that the web host suspended the account, malware is the most tricky to resolve because web hosts can delete the account and all the websites without warning if the situation is not resolved quickly. If your web host has detected malware (malware like favicon virus etc;) on your website, this is the most critical problem to solve.
⚠️ Check if your site has been hacked. Once you have a scan report, you can proceed much faster.
There are a few ways to clean malware from your website, depending on whether or not you can regain access to it. We have ordered this list on the basis of cost-effectiveness as well.
Option 1. Clean your website with a security plugin [RECOMMENDED]
Websites are significantly easier to clean if they are up and running. It will let you run a specialized security plugin like MalCare. The trouble with hacked WordPress sites being suspended is that you cannot access your dashboard to install a security plugin.
Certain web hosts, like Siteground, will let you whitelist IP addresses to allow certain verified users to access the site while it is suspended. This can be used as a workaround too. To clean your website of malware, follow these steps:
- Contact MalCare support for a list of IPs to whitelist for cleaning
- Email your web host to whitelist your IP and the MalCare IPs
- Install the plugin, and make sure the site syncs from the dashboard
- The plugin will scan your website and find all the malware
- Click auto-clean to remove the malware
- Request your web host to rerun their scan and share the results
If, on the off chance the web host still finds malware on your website, share the results with the MalCare team, and they’ll take care of it for you. With each MalCare pro subscription, you get unlimited cleanups.
Why do we recommend MalCare?
MalCare is the best-in-class security plugin, which uses intelligent detection techniques to find and remove malware. This is in stark contrast to the file-matching algorithms used by other WordPress security plugins.
In addition, MalCare has some standout features:
MalCare protects over 200,000 websites daily from attacks. It includes daily scans, which alert you to any hack attempts or malware on your website instantly. Additionally, if you need further assistance, MalCare’s support team is available 24/7 to help customers solve their security issues.
Why we recommend this method?
Without access to the site, malware removal will be a tedious manual process, often becoming much more expensive. Therefore, our goal is to try and get the site up and running even if temporarily. If the web host does not restore the site, then you will be forced to use FTP to clean up your site.
Option 2. Hire a WordPress security expert to clean your website
If you were not able to get your web host to whitelist IPs addresses for cleaning, then this is your next best option. Use expert services like MalCare or Sucuri to clean up your site.
An expert cleaning service will use FTP to access your website files, and clean the malware manually. This is a time-consuming, tedious process, because FTP can work very slowly, and manually checking each file and database table is a thankless task. For these reasons, this is an expensive proposition.
The steps to get your website clean by an expert cleaning service are:
- Ask your web host to share the results of their security scans for clean up
- Share your FTP credentials with the clean up team, along with the scan results
- Wait for the security experts to manually remove hacked code and files
- Contact your web host to rescan your website, and request them to restore your website
On the upside, if you opt for MalCare Concierge, we include a year’s subscription for the plugin as well, for when your website is back live. MalCare scans, cleans and protects your website from all manner of threats, all in one security plugin.
Option 3. Manually clean your website
You may be wondering why manually cleaning your website falls at the bottom of the list, considering we ordered it for cost-effectiveness.
We have seen far too many botched attempts at cleaning, that’s why. After struggling with malware removal, reinfections and broken websites, we get emails from frazzled admins at their wits’ ends. By that point, not only has the malware gotten worse, but the site is also in shambles, and there are a whole bunch of other problems.
Finally, it winds up costing the admin more than what it would have if they had gone with an expert cleaning service—which is pricey in its own right.
If you choose to remove the malware manually yourself, here are the steps to do so:
a. Get a list of the hacked files from your web host. This is a good starting point, and can help you at least get your site up and running once again.
b. Take a backup of your website. This is a non-negotiable part of this process. If things go awry, a hacked website is better than no website at all. Plus, if your web host decides to delete your website, you can at least recover it using a backup.
c. Look for the malware in the files indicated by your web host. Cleaning this is a good start, but it is entirely possible that malware is also present elsewhere, but your web host’s scanner wasn’t able to detect it.
At this point, you should be able to get your web host to restore your website. At least you can then install and use a security plugin to scan your website more thoroughly to find all the instances of malware.
d. Reinstall WordPress, all your plugins and themes. Make sure to download them from the repository, and that the versions match what was originally on your website.
We have a detailed breakdown of cleaning a hacked site. However, malware can vary greatly on multiple counts: how it manifests, what it does, where the hacks appear, how the hack was achieved, and much more. It is impossible to account for all these variations.
Next steps after getting rid of malware from your website
The malware is gone, but there is still the issue of how it got hacked in the first place. This is usually because of vulnerabilities, backdoors or compromised user passwords. These steps will help you close out the cleaning process, by plugging the gaps.
Also consider removing any extra, unused plugins and themes from your website. We have also witnessed forgotten WordPress installations on the website, which have been the cause of infection. This is because it doesn’t get updated or reviewed as often as the primary site. If possible, get rid of these as well.
Fix 2. Resolve excessive usage of server resources
Your website likely exists on your web host’s server with hundreds, if not thousands, of other websites. Resources, like processing power, memory, and storage, are shared by all the websites that exist on that server. To make sure that all the websites hosted on a shared hosting plan get a fair amount of server resources, web hosts set a cap on those resources for each account.
Usually, a web host will alert you if you are reaching or exceeding the resource limit before suspending your account. So if you have received emails about reaching the resource limits, it is a good time to start analyzing your hosting usage. Some of the questions you should ask are:
Bad bots and malware
If the increase is sudden, then you may be experiencing bot traffic. Bad bots are a menace, scraping data from websites, trying to hack them by brute force attacks or by creating spam. There are of course good bots, like googlebot, but they do not overwhelm server resources.
Malware can cause sites to get overloaded and use up excessive resources. We have listed malware as a separate reason why the web host suspended your account, but it is possible that the malware went undetected by the web hosts altogether. Almost every web host we have seen uses basic malware scanners, so there are several types of malware that get missed.
Poorly coded plugins and themes
There is most likely an errant plugin or theme which is using excessive resources. Unfortunately, this is extremely hard to debug, because while some hosts like Cloudways will show you resource usage, most web hosts don’t have such granular data.
You can try deactivating the plugins and themes one at a time to see which one is causing the excessive consumption, but it is an ineffective and time-consuming process. You may need to involve an expert developer at this point of time. Some security plugins like Wordfence cause these performance issues.
A quick fix, if you have backups, is to migrate to another hosting provider with better resource plans. This will get your website up and running quickly, and you can debug at your leisure.
Set up a cache to reduce the number of requests
Caching can help solve the problem associated with the load. Browser caches, for instance, store a version of your website locally, so the browser doesn’t have to download the data again to display your website.
Similarly, CDNs store content in proxy servers around the world, so when a user requests content, it doesn’t have to go all the way to the server to load.
Caching is actually a way to speed up website load times and to better user experience, but it can reduce the number of server requests considerably as well.
We recommend using a speed optimisation plugin to take care of caching and improve performance in one fell swoop.
Consider upgrades carefully
It may be tempting to upgrade and solve the problem, however, it can be a superficial fix. Often, there is an underlying problem, and moving to a higher plan will not fix these issues. To prevent bot traffic, you need to have a firewall for your website.
Fix 3. Deal with payment issues and policy violations
In our opinion, these issues are easily dealt with, so we have clubbed them together. The resolution is mainly to contact the web host and work with them till your site is back up and running.
Payment issues
Web hosts have your credit card information on file, and will charge it automatically at the time of renewal. These transactions can fail for multiple reasons like insufficient funds, expired cards, or fraud prevention. You will then get an email saying that the transaction has failed, and to please update your payment information. In fact, most of them will send reminders several times a month before the due date via email as well, if you are on a yearly subscription plan.
This is the most common reason web hosts suspend your website, and show you the “This account has been suspended” message. The fix is simple enough. Just make your payment and the site will be up and running in no time. We also recommend switching to an annual subscription, to avoid suspension hassles and missing reminders.
Other policy violations
Alright, we can all acknowledge we rarely read the fine print. We assume that what we want to do is probably permitted under the policies, but that is not always the case. And now, unfortunately, we have to refer to the policy documents.
Having said that, most of the policy violations we have seen stem from the content on your website. Which makes sense, seeing as that is what you are adding to your website. Hosting providers draft wide-ranging policies on the kind of content you can publish on your website.
The suspension is caused under circumstances such as copyright violations, spam generation, unsolicited emails, unauthorized admin use, and storing illegal material on the server.
Some web hosts also enforce policies around political content and the sales of dubious pharmaceutical products. One of the emails we received was from an erstwhile pharmacy website, and the web host objected to the products on sale because they are highly regulated. The site was suspended, the account was then deleted, and the admin was refunded their money.
Sometimes, that’s just how things play out.
Step 2. Submit a review request
To get your web host to unsuspend your account, you have to address the issue that caused the suspension. Then you email them with a request to review the suspension reasons.
Make sure that your review request is precise, relevant, and describes the steps you have taken to address the suspension.
For brownie points, you may also update your themes and plugins, and install a security plugin. This will show your web host how serious you are about website security.
Why does your web host care if there is malware on your website?
This is a good question, because it does feel like you are the one losing your website, right? In actuality though, hacked websites affect all website stakeholders negatively, right from you as the admin and your website’s visitors, but also the hosting company and Google.
💡 Having a scanner automatically check your site for malware daily is a great preventive step to avoid this situation.
Hacked WordPress websites can dupe people into sharing their credentials and passwords, sometimes even credit card numbers. Some malware uses your website to infect other websites, and thus perpetuates the cycle. In short, everyone except the hacker loses because of malware.
Apart from these broad issues with malware, web hosts have a lot to lose if there are hacked websites on their servers. For instance:
Overall, a web host’s brand and revenue is at stake when they are hosting a hacked website. So web hosts have good reasons to be zealous about malware on websites.
How to prevent malware from infecting your website again?
Now that your website is live again, there are a few things you can do to keep your website safe.
- Install security plugin
- Review user accounts and passwords frequently
- Keep updating everything
- Invest in good backups
- Harden WordPress
The biggest issue with malware removal is reinfection, and many admins finds that they’ve spent a considerable amount on cleaning, only to discover that the whole nightmare plays out again in a few days or weeks.
What is the impact of web host account suspension?
As a result of your web host suspending your website, you must have observed several negative effects of your website being taken offline.
These are just a few of the things that can happen when your website is hacked. None of them are pleasant, and everyone loses as a result. Except for the hacker, of course.
Conclusion
We have outlined the most common reasons why web hosts suspend sites, with concrete measures to take. That being said, your web host will be able to shine a light on why they suspended the account. They may or may not be helpful in resolving the issue, which is where we have stepped in.
We hope that this article was helpful in what is a terribly stressful situation. If you have any questions or require assistance with your website, please drop us an email. We are more than happy to help!
Follow our handy guides on how to recover your site from google warning messages:
FAQs
What does it mean when a website says ‘account suspended’?
When a website has received an “account suspended” notice, it means that the web host has taken your site down temporarily. They do it for a number of reasons like malware infection, excessive use of server resources, payment failure, and other policy violations.
In order to resolve the issue, you need to contact your web host for more information. Then take measures accordingly to resolve them.
How to access a suspended WordPress website?
You cannot access a suspended website. You have to contact your web host, learn the cause of suspension, and fix your site. When your web host removes the suspension, you can access your WordPress site.
There are many reasons why a web host may have suspended your website. If it is because your website was hacked, you need to ask them to whitelist IPs, so that you can clean the website.
Payment cleared but site still showing the “This account has been suspended.”
On certain occasions, even after you have cleared your payments, your site still shows your account has been suspended notice. If this happens, contact your web host. They will help you get your site up and running in no time.
What to do when my website appears blank after the suspension is removed?
If your site looks blank even after the suspension is removed, contact your web host. Don’t worry, this is probably a technical error. Your site should be up and running in no time.
How to clean a site suspended because of malware infection?
To clean malware infection from a suspended website, use a security plugin. To install the plugin, request your web host to whitelist your IP and that of the security plugin servers. Then install the plugin, and clean the malware. To use MalCare’s auto-clean feature to remove malware in minutes, contact the MalCare support team to know which IPs to get whitelisted.
Share it:
You may also like
MalCare Protects Against Critical Vulnerabilities in Ultimate Membership Pro Plugin
On February 23rd, 2024, two severe security vulnerabilities were found in the Ultimate Membership Pro plugin, affecting versions up to 12.7. These vulnerabilities could allow attackers to upgrade their user…
A Complete Guide to the php.ini WordPress File
Is your WordPress site running slowly or showing strange errors? Are you experiencing performance issues on your site and want solutions? From malware attacks to your site running out of…
Security WordPress Theme: How to Keep Your Site Safe While Looking Good
Themes go beyond appearance and also affect your WordPress site’s security and its functioning. A vulnerable theme can act as a gateway for hackers to access your site. If your…
How can we help you?
If you’re worried that your website has been hacked, MalCare can help you quickly fix the issue and secure your site to prevent future hacks.
My site is hacked – Help me clean it
Clean your site with MalCare’s AntiVirus solution within minutes. It will remove all malware from your complete site. Guaranteed.
Secure my WordPress Site from hackers
MalCare’s 7-Layer Security Offers Complete Protection for Your Website. 300,000+ Websites Trust MalCare for Total Defence from Attacks.