Recover a compromised website

If your hosting account has been compromised through hacking or unauthorised activity, it may be suspended. A suspended website does not allow access to the public or to the account holder. The purpose of suspension is minmise the potential damage to the account holder, the associated files and data and to other users of the hosting system.

In a suspended state the website affects online reputation and does not fulfill its intended purpose. It is the account holder's responsibility to restore the contents of the hosting account to a clean and safe condition before public access will be restored.

To restore public access to a compromised website you need to satisfy three conditions;

  1. Removal of the offending code.
  2. Removal of the access that allowed offending code to be installed on your hosting account.
  3. Action to prevent further unauthorised access and use of your hosting account.

Threat Removal

With thousands of folders and files on most web hosting accounts, finding and deleting the offending code is impossible to do manually and can be very difficult even using automated search and destroy software. Some hosting account offer an anti-virus scanning and removal option. Try this to begin with. Sites hosted on can request anti-virus scanning and removal through a support ticket.

If you have a clean backup, it is possible to restore uninfected files and database from a backup. offending code can be located in all kinds of files and in database content so, both backups are important. It is difficult to know whether or not your files and data are clean.  Abusive code can lie dormant for a long time without revealing its presence. In most cases a backup 2-4 weeks old will provide a clean set of files and data. The disadvantage of restoring old backups is that any files or data updated between now and the last backup are lost. Where customer data is involved this can be damaging. Expert  recovery of current important data is strongly recommended.

Removal of unauthorised access

Hackers access your hosting account through front door and back door methods.  To secure the front door, change all access passwords and use very strong new passwords.

Back door methods many and varied. The easiest way of securing your back doors are to use up to date software components. Your content management system, themes and plugins should be the latest versions. You should only use components that have  recently been updated. Updates are most important for the additional security they provide closing unforeseen access points.

Securing your system and data against future attack

  • Make regular file and database backups. Store them securely offsite.
  • Talk all reasonable steps to harden your cPanel and Wordpress systems. Hardening comes at the cost of flexible usability, but out of the box both systems are weak and can be hardened to provide more security without too much inconvenience.
  • Install security plugins on your Wordpress installation.
  • Control access to your hosting account. Maintain tight security.
  • Monitor your website for abnormal activity. provides WP-Guardian for ongoing site security and performance management.


Was this answer helpful?

 Print this Article

Also Read

cPanel Username and Password

I've forgotten/lost my cPanel username or password. Can you provide it for me?Your cPanel...

About .htaccess

.htaccess files (or "distributed configuration files") are a way to make configuration changes on...

About robots.txt

Web site owners use the /robots.txt file to give instructions about their site to web robots;...

CAPTCHA telling humans and computers apart automatically

This article explains CAPTCHA, an acronym which stands for "Completely Automated Public Turing...

Anti virus scan your hosting space in cPanel

Don’t wait for the server malware scanner to pick up suspicious files in your hosting space....

Powered by WHMCompleteSolution