This is by far one of the worst things a WordPress website owner or manager can receive from their hosting company. If you have received the dreaded “WordPress Hosting Suspended” communication from your hosting company, do not panic. This bad news will mean that your website is not online anymore and you must take action to get it cleaned up before your hosting account is reactivated. At this point you might be wondering how in the world can I clean my site if my WordPress Hosting is Suspended? Let us walk you through the steps you can take to get your site back in good standing with your hosting company and online again fast.

So to reverse your WordPress Hosting Suspended status we simply need to show the hosting company that your site files do not contain any malicious code or infections. Since your site is not online, it is not possible to scan your site files and isolate the ones that are bad. We must take a alternate approach to get us to a point where we can actually scan our website files using a WordPress plugin.


Step 1. Clear The State By Starting Fresh

Our main goal in the WordPress Hosting Suspended situation is to show the hosting company that all the files in our hosting account that were marked as being infected have been cleaned. The fastest and easiest way to do this is to remove them all of them and place in fresh files which we know for certain do not contain any infections. Since you can not access your site online you will need to do this step using either SFTP/FTP access or directly inside the File Manager of your web hosting control panel.

Using SFTP/FTP Access:
You want to remove all core WordPress files. These are the folders named “wp-admin” and “wp-includes”. You will also need to remove some other odd files that are not in folders but part of WordPress core. See the image below for the names of these files.

Once you have removed these, you need to replace them with fresh ones. Head over to WordPress.org and download the newest version of WordPress at the link below. We will come back to this file in a moment.

https://wordpress.org/latest.zip

You should now be left with a folder called wp-content and a file called wp-config.php. Transfer both the folder and file to a location on your computer. Once you have these both stored locally, you can now remove them from the server. Delete with no worries. In some installation environments, there may also be a .htaccess file or a web.config file in the root of your WordPress install. Transfer these locally as well and then remove them from the server.

At this point your hosting account should be empty. If you have other WordPress sites in your account, you need to repeat the process above for each one. Also if you have other folders that are storing files not related to WordPress, transfer them locally and then remove them from your hosting account. The goal we want here is to clear the hosting account.

Now let us go back to the WordPress zip file you downloaded earlier. You need to unzip it and then drop all the contents into your hosting account using the connection to SFTP/FTP. You have now accomplished a fresh and clean install of WordPress in your hosting account.

Using Web Hosting Control Panel File Manager:
The end result here is the same but the process is must faster because you are working at the server level and this will be much quicker than SFTP/FTP access. We will still delete all WordPress core files. Instead of transferring the files we need to backup, you can simply use the file manager interface to zip them up and then you can keep them on the server in zip file format which you can un-zip in a later step.


Step 2. Share With The Good News With The Host

So if you are still following along and completed step one, you are in a good place. Time to tell your hosting company that all the infected files inside your account have been removed. We have not actually done any cleaning yet but we have put ourselves in a place to reverse the WordPress Hosting Suspended status. Before your hosting company will reactivate your site, they will do a review to make sure all files in your account are clean. We know they are because we removed everything and replaced them with a clean install of WordPress.


Step 3. Restore Your Website and Files

After your host has verified that there are no more malicious files in your account, they will flip the switch and turn it back on. This is good news but you are still far from home. We need to now restore your actual website files that were backed up and removed in step #1.

Using SFTP/FTP Access:
Navigate to your WordPress install and delete the wp-content folder. Now place the wp-content folder you have backed up onto the server. Also drop back in the wp-config.php file you backed up as well. If there are other WordPress installs in your account repeat this process for each and place any other folders or files your hosting account is storing that you removed in step #1.

Using Web Hosting Control Panel File Manager:
Using the file manager software, you must first delete the wp-content folder of any WordPress install in your hosting account. Then navigate to any zip files you created in step #1 and un-zip them.


Step 4. Time to Start Cleaning Your WordPress Website Files

This step must be done right after the last step because if you do not act fast your hosting company will reinstate the WordPress Hosting Suspended status. At this point we will be able to log into your site and run a scan. There are a few different free plugins you can use to scan your site and isolate any infected files. Below are the ones that we recommend.

  1. FREE WordPress Infection Scanner Plugin
  2. WordFence

After you complete your scan you will need to take action and either replace the files that are infected with new fresh copies or open each file up and remove the malicious code. This can be completed by downloading the infected file, opening it in your favorite text editor and then removing the code. Now you need to save the file and replace it back on the server in the same location it came from. Repeat this process for each infected file that the scan turned up.


Step 5. Enhance WordPress Site Security

This is probably the most important step in this article. Going forward you want to avoid at all cost the nasty “WordPress Hosting Suspended” message happening again from your hosting company. The link below is a simple checklist you can follow to limit the chance of a re-infection to your site.

https://wpfixit.com/simple-wordpress-security-checklist

Hope you enjoyed and really hope this helped to get your site running smoothly again.