How To Fix “This Account Has Been Suspended” Message On Your Website
The “This Account has been suspended” message can appear on your website for various reasons, but regardless of why access to it was restricted, you will face downtime and revenue loss if the ban is not lifted in a reasonable amount of time. Knowing why your hosting provider disabled access to your website and how you can get it up and running again and avoid it from happening again is critical.
In this article, we will provide you with all the information you need to fix the “This Account has been suspended” message on your website and implement the best security practices to avoid it from happening in the future.
“This Account Has Been Suspended” Meaning
When you see the “This Account has been suspended” message on your website, it means that your web hosting provider has put a rule in place to redirect all traffic to the suspension page. This is done to restrict access to your website for various reasons.
The Suspension Message Page
The page showing you the “This Account Has Been Suspended” message is usually provided by the hosting control panel as a default one or created by the web hosting provider. What you need to understand is that it is an actual web page on the server that all web traffic coming to your website is redirected to.
The default suspension page tells your website visitors that this site has been suspended which can make them believe that it no longer exists or is not trustworthy. It can negatively impact your business, so changing it to a custom maintenance page might be reasonable. You will need to negotiate whether you can redirect traffic to another web page with your web hosting provider.
How is Access Restricted With Website Suspension?
When your website has been suspended, you will not be able to view any content or access the admin dashboard of the content management system used. It means that you will no longer be able to access your WordPress Dashboard to use one of the backup or security plugins in the vast majority of cases.
If you have root access to the server, you will still be able to access your website’s web hosting control panel account, for example, your cPanel or SiteWorx accounts. If you are on a shared hosting plan, you will need to ask your hosting provider to allow access to be able to work on your site without having to use the command line interface.
As the redirect often only affects web traffic, you can connect to your website via SSH, FTP, or SFTP. All these tools, including the File Manager interface can help you get access to your website files and database and address all issues.
Why Your Host Would Suspend Your Site? 3 Main Reasons
There are multiple reasons why your web hosting provider may suspend your website, and we will review all of them below. However, most reasons for website and account-level suspension are always outlined in an Acceptable Usage Policy that you should review carefully before you move your websites over to a new hosting provider.
There are three main reasons why you may see the “This site has been suspended” message on your website:
- Violation of the Acceptable Usage Policy
- Server resources overuse
Let’s review what each of these includes and what it means for your websites.
Reason 1: Acceptable Usage Violation
The Acceptable Usage Policy provided by your web hosting provider includes specific rules developed by your web hosting provider that outline what types of content can be hosted, and what activities the given IT infrastructure can be used for. It also defines what measures the hosting provider can take in case of a violation of the Acceptable Usage Policy.
Let’s review the most common cases of AUP violation that will lead to your website showing “This Account has been Suspended”.
The main reason why your website may be suspended is because it has been hacked and actively used for malicious purposes. This includes a large group of issues, the most common of them are following:
- Malware. Your website is infected and used to distribute malware, and visiting it may result in malicious content downloaded to the visitor’s computer or personal data stolen, for example, stealing credit card information on the checkout.
- Phishing. Your website may host phishing pages aimed at stealing account information.
Spam. This includes sending large amounts of unsolicited email, including having mailing lists without a properly configured double opt-in.
- Network attacks. Your site may be the source of outbound network attacks, for example brute force attacks aimed at getting access to other servers or individual websites.
- Unauthorized access. In some cases, your website can be used as an entry point for gaining control over other websites on the server or system-wide, or root access, which leads to very serious consequences.
All security issues outlined above are caused by hackers gaining access to the website by exploiting vulnerabilities, and then using it to perform malicious activities. Hackers can gain access to one website on the server and use privilege escalation to gain system-wide access or log in as root initially and perform malicious actions.
Root-level compromise is an especially serious issue as it threatens the integrity of the whole system. Moreover the vast majority of hosting companies maintain proprietary server images that include certain server configurations and other modifications that can not be revealed.
All security issues pose a major threat to the hosting provider’s network, that is why if your website gets hacked and used for malicious purposes, you are very likely to see “This Account has been Suspended” message appear on it.
Hosting Illegal Content
You are not allowed to host any materials that infringe or otherwise violate any privacy, intellectual property, or personal rights. This includes using content protected by a copyright or patent. Once infringing content appears on your website, your web hosting provider will be alerted.
There are certain other rules that define what content you can host. The vast majority of hosting providers will not allow violent, abusive, or overall inappropriate content hosted on their servers. Unlike other issues that can lead to website suspension, there’s very little that you can do if you’re hosting a website with content that your hosting provider does not allow.
Reason 2: Non-payment
Non-payment is the second most common reason for seeing “This Account has been suspended” on your website. So if your account has been suspended, it is likely that you forgot to pay for your services and missed all notifications sent by your hosting provider.
It is especially common if you signed up for shared hosting services. If you have a private virtual or dedicated server, it is likely that it will be shut down completely before a payment is made, which means the sites hosted on it will be completely inaccessible.
Reason 3: Server Resources Overuse
Most hosting providers limit the amount of resources that they allocate to a particular website if the server hosts websites from different customers. This is how shared hosting works, making sure you only get the processing power you signed up for, and thus preventing resource overuse.
In rare cases, if your website receives an enormous amount of traffic which can happen during a promotion or a DDOS attack, your hosting provider may temporarily suspend it. The resource overuse can also be caused by malicious processes running under your website’s account, most likely carrying out outbound network attacks.
How to Fix Your Account Suspension in 3 Steps
Seeing that your account has been suspended is always frustrating, but the good news is that you can reactivate it by following the recommendations your hosting provider left for you when they notified you of the suspension. It will probably take some time to get your website functionality restored, but you can not waste any time if you noticed that the website had been suspended.
Follow the three steps below to reactivate your website and remove the “This account has been suspended” message.
Step 1: Review Your Emails and Active Tickets To Understand Why Your Site Was Suspended
Your web hosting provider can not do any modifications to your website without sending you a notification in an email or even giving you a call to let you know that your account has been suspended. So if you suddenly see the “This site has been suspended” message while visiting your website, the first thing you need to do is open your email and find the message sent by your hosting company.
Your hosting provider needs to include a reason for account or website suspension and attach their recommendations. They may vary depending on what exactly happened, and what needs to be done to reactivate your website, but reviewing the email carefully is critical if you want to fix the issue as soon as possible.
If you have any questions or feel that you need more information to resolve the reported issues, contact your web hosting support team for assistance. A server administrator can help you understand how to address the issue and give further recommendations.
Step 2: Remove All Malicious or Illegal Content and Secure Your Website
If you found out that the website had been suspended for non-payment, the services can be reactivated by making a payment. Otherwise, you will need to remove all malicious or illegal content from your website and take the necessary steps to secure the account in case it has been hacked.
Remove Illegal Content
If your website contains illegal content that was not uploaded to it as a result of a compromise, review what exactly does not comply with your hosting provider’s AUP and remove it. In extreme cases, you may be forced to remove the website from their network entirely if all content it hosts is not allowed by the hosting company.
Clean Up Your Hacked Website
When your hosting provider’s abuse or security team is alerted of security issues, they investigate it to find the source of the compromise, the scope, and identify all malicious content that was uploaded. They often also run malware scans to provide you with the list of malicious files that you need to review and clean.
Working with your team or gaining assistance from your hosting support, follow these steps for how to clean a hacked WordPress site. Review all content of your site and remove all phishing and malware, including malicious database injections. In some cases, when you know exactly when your website was compromised, you may be able to restore it from a clean backup.
While restoring from a backup might be faster and easier, you can lose all changes made to the website after the last clean backup of it was saved. Moreover, most of the time, you will only be able to restore the site from a backup manually by using the command line interface, which may present additional difficulties.
Secure Your Website
Even if you remove all malicious content that was uploaded by a hacker, without taking additional steps to secure the website, it is most likely that your website will be reinfected again in no time. It is crucial to identify the source of the issue and take the necessary action to prevent unauthorized access.
The general recommendations include having all passwords changed, including the control panel account password for your website, all FTP user passwords, CMS admin user passwords, and database access credentials. If spam was sent from the website, change all email account passwords. Hackers may also create additional CMS admin, email, or FTP accounts, so be sure to remove all of them.
Be sure to update all software, including all WordPress plugins, themes, and extensions, as well as the content management system version and PHP version. Conduct a revision of all add-ons you have on your website and remove everything that is installed from unverified sources or no longer used.
Step 3: Report The Steps You’ve Taken to Your Hosting Company
The final step to get your website unsuspended would be reporting all the steps taken to clean up your website to your web hosting provider. Describe everything you did in order to address security issues or let them know that all illegal content was removed.
Your web hosting provider’s abuse or security team will rescan your website, check if all passwords and software were updated. Once they have confirmed the website no longer poses a threat to their network, the access to your website will be restored, and you will no longer see the “This Account Has Been Suspended” message.
You may need to take additional steps, but your hosting provider should give you their further recommendations. The key thing is to work closely with security professionals to ensure that you have all security threats eliminated.
How to Prevent Future Account Suspensions
The best way to avoid account suspensions is to take a proactive approach to ensure your website security and pay for your hosting services on time.
Be sure to check your email and active tickets at all times. Most hosting companies send multiple notifications and even make phone calls before having your account suspended for non-payment.
If possible, configure automatic payments, so you do not have to log in and make a payment every month. Another option that can be beneficial is switching to the yearly billing cycle, especially if you plan to build a long-term business relationship with your current hosting provider. Moreover, most hosting companies offer discounts for prepay plans.
Review Your Hosting Provider’s Acceptable Usage Policy
Carefully read and review the AUP published by your web hosting provider as it outlines all rules and restrictions on the type of content you can host, and what you can use the server resources provided to you for.
The AUP and terms of service will also contain what actions the hosting provider can take to restrict access to your account. Some hosting companies will give you several warnings before actually putting the “This Account Has Been Suspended” page on your website, while others will do it immediately after receiving reports of abuse or illegal content hosted.
Secure Your Website
The best way to address security issues is minimize the chances of hackers gaining access to your website in the first place. This includes a number of measures that can ensure your website stays secure from various threats.
Keep Your Software Updated
The importance of performing regular updates or making the process automated is hard to overestimate. Software updates always patch the security vulnerabilities identified in the previous version of software, including content management systems and add-ons like plugins and extensions.
The vast majority of times, hackers gain access to your website by using a known weak spot in the software you are running. For example, some services and plugins are susceptible to privilege escalation which can help hackers obtain control over the whole server and potentially even remove all content you host.
Create a Backup Plan
Backups are essential for all website owners, and can prevent data loss or other unwanted consequences or server-side and security issues. Work out a good backup plan that will ensure your data is saved to a safe location, and can be used to quickly restore the functionality of your website or the whole system.
Most web hosting companies provide off-server backups that are saved to the cloud. You can also make use of the backup options provided by the chosen control panel, however these backups are likely to be saved to the same server that your website is hosted on.
The key thing that makes a great backup plan is data redundancy, which means keeping your backups in different locations. Using a backup plugin for WordPress is a great way to ensure that you can restore your website at all times. The BackupBuddy WordPress plugin from iThemes protects over a million WordPress sites, providing one-click restorations and keeping your backups in a safe, secure location.
Maintain an Access Control Policy and Use Robust Security Software
A great access control policy includes following the principle of least privilege and making use of additional access control measures like two-factor authentication and great firewall rules. The best way to protect your website is to ensure security on all levels.
This can include a web application firewall (WAF) provided by a content delivery network, a WordPress security plugin, and a firewall filtering traffic on the server. Enterprise-level customers also often have a hardware firewall providing an additional layer of security.
Choosing the right security plugin for WordPress is not an easy task with the number of add-ons available to website owners. What you need to be looking for is how well it can protect you from various network attacks and ensure all vulnerabilities are reported to you and patched as soon as possible.
The iThemes Security Pro plugin provides everything you need to ensure your WordPress website stays protected at all times. iThemes Security Pro offers more than fifty ways to secure and protect your website from common security vulnerabilities specific to WordPress.
The iThemes Security Pro Site Scan feature allows you to run scheduled vulnerability and malware scans that will alert you if a threat is identified. This way, you can address all security issues before they attract the attention of your web hosting provider that will restrict access to your website by putting the “This Account has been suspended” message on it.
In this guide, we have tried our best to help you understand how to remove the “This Account has been suspended” message from your website and ensure your websites stay protected from all kinds of security threats that presenting it to the internet inevitably subjects it to. Keeping your WordPress site secure is not an easy task, but with the help of modern security solutions like iThemes Security Pro you can be assured that your website stays available to your customers at all times.
The post How to Fix “This Account Has Been Suspended” Message On Your Website appeared first on iThemes.
>>> Read the Full Story at iThemes