If you are reading this page, it means your website was detected performing malicious or abusive activity and has been temporarily disabled to protect our network and other customers.
We understand this can be stressful. This page explains why this happens, what your options are, and how we can help you get back online safely.
Why was my site disabled?
Your website was disabled because it showed signs of compromise, such as:
malicious outbound connections
brute-force or scanning activity
malware files detected in the website files
reports from our upstream providers or security partners
When this happens, we must act quickly to prevent:
further damage to your website
blacklisting of server IP addresses
disruption to other customers
Disabling access is a temporary containment measure, not a punishment.
What does “disabled” mean?
In most cases:
your website will not be publicly accessible
email services are not affected
your data has not been deleted
The site is simply prevented from loading until the issue is resolved.
Your options to get back online
You have three main options, depending on your situation.
Option 1 – WordPress Rescue Service (recommended)
If you would like us to handle everything for you, we offer a WordPress Rescue Service, which includes:
full malware and backdoor cleanup
removal of malicious files and processes
WordPress core, plugin, and theme updates
security hardening to reduce future risk
verification before re-enabling the site
This is the fastest and safest way to get your site back online.
👉 Ideal if you are not technical or want peace of mind.
Option 2 – Reset and reinstall WordPress
If you prefer to start fresh:
we can reset the website document root
you reinstall WordPress from scratch
you restore content manually or from a clean backup
security plugins and updates must be applied before reactivation
👉 Suitable if the site is small or content can be easily recreated.
Option 3 – Clean the site yourself
If you choose to clean the site yourself:
all malware and suspicious files must be removed
WordPress core, plugins, and themes must be updated
basic security measures must be in place
the site will be reviewed before re-enabling
Please note: incomplete cleanups often result in re-infection.
What happens after cleanup?
Once cleanup or rebuilding is complete:
you notify our support team
we verify the site is no longer compromised
public access is restored
Preventing this from happening again
After recovery, we strongly recommend:
keeping WordPress, plugins, and themes updated
using strong passwords and two-factor authentication
To protect our network and our customers, all WordPress websites hosted with UK Cheapest must meet the minimum security requirements outlined below.
Websites that do not meet these requirements are at a significantly higher risk of being hacked and may be temporarily restricted if they pose a security or abuse risk.
Why this is required
WordPress is a popular platform and is frequently targeted by automated attacks.
Most compromises occur due to:
outdated WordPress core
vulnerable or abandoned plugins
weak passwords
lack of basic security protection
Once a site is compromised, it can be used to send spam, perform attacks, or host malicious content. These activities can result in service disruption or action by upstream providers.
Minimum security requirements (mandatory)
All WordPress installations must meet all of the following requirements.
1. Keep WordPress fully up to date
WordPress core must be kept on the latest stable version
All themes and plugins must be kept up to date
Any themes or plugins that are not actively used must be deleted, not just disabled
2. Use strong login credentials
Strong, unique passwords must be used for all WordPress admin accounts
Do not reuse passwords from other websites or services
Remove any unused admin or user accounts
3. Install a security plugin
A reputable WordPress security plugin must be installed and active.
Examples include (but are not limited to):
Wordfence
iThemes Security / Solid Security
All In One WP Security
The security plugin should provide basic protection such as login rate limiting and malware scanning.
4. Protect the login page
At least one of the following must be enabled:
login rate limiting
CAPTCHA
two-factor authentication (recommended)
This significantly reduces brute-force and credential-stuffing attacks.
5. XML-RPC protection
XML-RPC must be disabled if it is not required, or
protected via a security plugin
Unprotected XML-RPC is a common attack vector.
6. File and plugin hygiene
No executable files or custom binaries should exist in the website document root
Plugins and themes must only be installed from trusted sources
Pirated, nulled, or unverified plugins/themes are not permitted
If your site is compromised
If a WordPress site is found to be compromised or generating malicious activity:
the site may be temporarily restricted to prevent further abuse
cleanup or rebuilding will be required before the site can be re-enabled
UK Cheapest offers a WordPress Rescue Service for customers who would like us to professionally clean and secure their site.
Important note
Meeting these minimum requirements significantly reduces risk, but no website can be guaranteed to be completely immune from attack. Ongoing maintenance and updates are essential for long-term security.
Need help?
If you would like assistance securing your WordPress site, or if you are unsure whether your site meets these requirements, please open a support ticket and our team will be happy to advise.
We’re pleased to announce that you can now add DKIM (DomainKeys Identified Mail) records directly through the Client Area DNS Manager for all parked domains.
What is DKIM?
DKIM is an industry-standard email authentication system that helps protect your domain name from being used for spam or phishing. It works by digitally signing outgoing messages so that receiving mail servers can verify they were genuinely sent from your authorised mail source.
When DKIM is active:
Your emails are less likely to be marked as spam
Recipients can trust that messages really came from you
Your domain reputation and deliverability improve
How it Works
Every DKIM setup uses two keys:
A private key, stored safely on the mail server that sends your messages
A public key, published in your domain’s DNS as a TXT record
When an email is sent, your mail server signs it with the private key. The receiving system checks that signature using the public key in your DNS.
Adding DKIM in the Client Area
If your mail service (for example Google Workspace, Microsoft 365, or your own server) provides you with a DKIM record, you can now publish it in just a few clicks.
Host/Name: the DKIM selector (for example, default._domainkey)
Value: the full DKIM record starting with v=DKIM1; k=rsa; p=…
Save changes and allow a few minutes for DNS to update
Once published, your mail provider’s DKIM checks should confirm that your domain is correctly authenticated.
Frequently Asked Questions
1. Do I need to set up DKIM for my domain?
If you send email using your domain name, yes – DKIM is strongly recommended. It helps protect your domain’s reputation and improves email delivery by verifying that messages weren’t altered in transit.
2. Where do I get my DKIM record?
Your DKIM record is generated by your email provider or mail server. For example, Google Workspace, Microsoft 365, or your web hosting control panel will each provide a v=DKIM1; p= record that you can copy and paste into your DNS Manager.
3. How long does it take for DKIM to start working?
Once you add your DKIM record, it can take anywhere from a few minutes to a few hours for DNS propagation. After that, emails sent from your domain should show as “signed” when checked by online DKIM testers.
4. Can I use DKIM on a parked domain?
Yes. Even if your domain is parked, you can add DKIM records in advance or if you’re routing mail through another system. This is especially useful for protecting your brand from spoofed messages.
5. What if my DKIM record doesn’t validate?
Check that your record is added as a single TXT entry, with no extra spaces, quotes, or missing characters. If you’re unsure, open a support ticket – our team will review your DNS record and help you get it verified.
Need Help?
If you’re unsure which DKIM record to use or your provider’s verification fails, open a support ticket and our team will review your DNS settings for you.
Tip: It’s normal to paste a DKIM record generated on another mail system into your DNS – just make sure it’s copied exactly as provided.
For further guidance, visit your email provider’s DKIM documentation or contact us anytime through the Client Area Support Centre.
Your website is the digital front door to your business. But what happens when that door closes and you don’t even know it?
PingSentry is a comprehensive website monitoring service designed specifically for businesses like yours – offering uptime monitoring, SSL certificate protection, and domain expiry alerts all in one simple dashboard.
Why Your Business Needs Website Monitoring
Every minute your website is down costs your business money, trust, and customers:
Lost Sales: The average small business loses $200 per hour during downtime
Security Warnings: Expired SSL certificates trigger “Not Secure” browser warnings, causing customers to abandon their carts immediately
Domain Disasters: An expired domain means your website, email, and business identity can disappear overnight – or worse, be stolen by domain squatters
Three Essential Monitors Every Business Needs
1. Uptime Monitoring
Checks your website every minute, 24/7
Instant email alerts the moment your site goes down
See your complete uptime history at a glance
99.9% of downtime caught within 60 seconds
2. SSL Certificate Protection
Monitors SSL certificate expiry dates
Alerts you 30 days before certificates expire
Supports custom SSL ports (Plesk, cPanel)
Protects your revenue, reputation, and Google rankings
3. Domain Expiry Alerts
Tracks domain expiration dates automatically
Multiple reminder alerts so you never forget
Works for .com, .co.uk, and 100+ TLDs
Prevents costly domain loss and squatting
Setup is Ridiculously Simple
Add Your Website – Enter your URL (takes 30 seconds, no code required)
We Monitor Everything – Automated checks run 24/7 across all three critical areas
Get Instant Alerts – Receive email notifications the moment something goes wrong
No IT team required. No plugins. No complicated setup.
Pricing That Makes Sense
Free Forever Plan
5 monitors
5-minute checks
Email alerts
1 public status page
Perfect for single-website businesses
No credit card required
Join Thousands of Businesses Already Protected
PingSentry is trusted by small businesses worldwide to keep their websites online, secure, and accessible. Our customers have prevented countless hours of downtime and protected millions in revenue.
Start protecting your business today – it takes just 2 minutes to set up, and our Free plan never expires.
1. What is a Custom Domain Email Address / Mailbox?
A Custom Domain Email Address (or mailbox) is an email account that uses your own website’s domain name instead of a generic email provider like Gmail or Yahoo. For example, instead of john.doe@gmail.com, you would have john.doe@yourdomain.co.uk.
This mailbox lets you send and receive emails using your custom domain, giving you greater control and professionalism.
How is this different from full email hosting?
A mailbox provided with your domain offers basic email capabilities, typically accessed via webmail or configured in email clients using POP or IMAP protocols. Full email hosting services usually provide additional features like calendars, contacts, advanced spam filtering, and larger storage limits.
Why use a domain email address?
Professionalism: Using a custom domain email looks more credible and trustworthy to your clients and contacts.
Branding: Every email you send promotes your brand and reinforces your online presence.
Control: You manage your email addresses and accounts, not a third-party free provider.
Customisation: Create personalised addresses like sales@yourdomain.co.uk or info@yourdomain.co.uk tailored to your business needs.
2. How to Get a Mailbox?
If you have a parked domain using our default nameservers, you’re eligible for a custom domain mailbox.
Enter your full email address (e.g., john.doe@yourdomain.co.uk) and password to log in.
Once logged in, you can send, receive, and manage your emails from anywhere with internet access.
Using Third-Party Email Clients
We recommend using Roundcube Webmail to send and receive emails through your mailbox, however, if you are up for the technical challenge then you might prefer to use unsupported desktop or mobile email applications like Microsoft Outlook, Thunderbird, or Apple Mail, you can configure them with the following settings:
Incoming Mail Server (IMAP): microlite1.com
Port: 993 (SSL/TLS)
Incoming Mail Server (POP3): microlite1.com
Port: 995 (SSL/TLS)
Outgoing Mail Server (SMTP): Use your Internet Service Provider’s SMTP server
Username: Your full mailbox name (e.g., john-doe-yourdomain-co-uk)
Password: Your mailbox password
Note: IMAP keeps your emails synced across all devices, while POP downloads emails to your device.
Mobile Access Tips
Use the built-in mail apps on your iPhone, Android, or tablet.
Enter the same server settings as above for IMAP or POP.
For quick access without setup, simply use Roundcube webmail via your mobile browser.
4. Setting or Resetting Your Mailbox Password
How to Change Your Mailbox Password
You can easily change your mailbox password anytime through your client area:
Choose an upgrade option to a higher storage plan.
Complete the upgrade process – your storage will increase immediately or within a few minutes.
Contact support if you need assistance with upgrading.
6. Spam Protection and Security
Spam Filtering with SpamAssassin
To help keep your mailbox clean and free from unwanted junk emails, we use SpamAssassin, a powerful spam filtering system running on our mail servers.
Incoming emails are automatically scanned and scored for spam-like characteristics.
Emails identified as spam are marked or moved to a spam/junk folder, helping you focus on important messages.
Malware Scanning with Maldet
In addition to spam filtering, we employ Maldet (Malware Detect) to scan all email attachments for malware and viruses.
Suspicious or harmful attachments are flagged or blocked to protect your device and data.
How to Report Spam or Phishing Emails
If you receive a suspicious email that bypasses the filters:
Do not open attachments or click links in the email.
Forward the email to our support team at abuse@uk-cheapest.co.uk with the subject “Spam/Phishing Report.”
Delete the email from your mailbox after reporting.
7. Configuring Email Forwarding
How to Forward Emails from Your Domain Email Address
If you have a parked domain using our default nameservers, you can easily forward emails sent to your domain’s aliases to any external mailbox of your choice. This is perfect if you want emails addressed to info@yourdomain.co.uk or sales@yourdomain.co.uk to be redirected to your main mailbox or another email account.
