Wordpress

My Website Has Been Compromised and Disabled – What Happens Next?

Last updated: 21 December 2025

If you are reading this page, it means your website was detected performing malicious or abusive activity and has been temporarily disabled to protect our network and other customers.

We understand this can be stressful. This page explains why this happenswhat your options are, and how we can help you get back online safely.

Why was my site disabled?

Your website was disabled because it showed signs of compromise, such as:

  • malicious outbound connections
  • brute-force or scanning activity
  • malware files detected in the website files
  • reports from our upstream providers or security partners

When this happens, we must act quickly to prevent:

  • further damage to your website
  • blacklisting of server IP addresses
  • disruption to other customers

Disabling access is a temporary containment measure, not a punishment.

What does “disabled” mean?

In most cases:

  • your website will not be publicly accessible
  • email services are not affected
  • your data has not been deleted

The site is simply prevented from loading until the issue is resolved.

Your options to get back online

You have three main options, depending on your situation.

If you would like us to handle everything for you, we offer a WordPress Rescue Service, which includes:

  • full malware and backdoor cleanup
  • removal of malicious files and processes
  • WordPress core, plugin, and theme updates
  • security hardening to reduce future risk
  • verification before re-enabling the site

This is the fastest and safest way to get your site back online.

👉 Ideal if you are not technical or want peace of mind.

Option 2 – Reset and reinstall WordPress

If you prefer to start fresh:

  • we can reset the website document root
  • you reinstall WordPress from scratch
  • you restore content manually or from a clean backup
  • security plugins and updates must be applied before reactivation

👉 Suitable if the site is small or content can be easily recreated.

Option 3 – Clean the site yourself

If you choose to clean the site yourself:

  • all malware and suspicious files must be removed
  • WordPress core, plugins, and themes must be updated
  • basic security measures must be in place
  • the site will be reviewed before re-enabling

Please note: incomplete cleanups often result in re-infection.

What happens after cleanup?

Once cleanup or rebuilding is complete:

  1. you notify our support team
  2. we verify the site is no longer compromised
  3. public access is restored

Preventing this from happening again

After recovery, we strongly recommend:

  • keeping WordPress, plugins, and themes updated
  • using strong passwords and two-factor authentication
  • running a reputable WordPress security plugin
  • removing unused plugins and themes

You can read our full Minimum WordPress Security Requirements article for details.

Need help deciding?

If you are unsure which option is best for you, open a support ticket and we will be happy to advise based on:

  • site size
  • content importance
  • technical experience
  • budget

Final note

Website compromises are unfortunately common and not a reflection on you.

What matters most is resolving the issue properly and preventing a repeat.

We’re here to help you get back online safely.

Minimum WordPress Security Requirements

Last updated: 21 December 2025

To protect our network and our customers, all WordPress websites hosted with UK Cheapest must meet the minimum security requirements outlined below.

Websites that do not meet these requirements are at a significantly higher risk of being hacked and may be temporarily restricted if they pose a security or abuse risk.

Why this is required

WordPress is a popular platform and is frequently targeted by automated attacks.

Most compromises occur due to:

  • outdated WordPress core
  • vulnerable or abandoned plugins
  • weak passwords
  • lack of basic security protection

Once a site is compromised, it can be used to send spam, perform attacks, or host malicious content. These activities can result in service disruption or action by upstream providers.

Minimum security requirements (mandatory)

All WordPress installations must meet all of the following requirements.

1. Keep WordPress fully up to date

  • WordPress core must be kept on the latest stable version
  • All themes and plugins must be kept up to date
  • Any themes or plugins that are not actively used must be deleted, not just disabled

2. Use strong login credentials

  • Strong, unique passwords must be used for all WordPress admin accounts
  • Do not reuse passwords from other websites or services
  • Remove any unused admin or user accounts

3. Install a security plugin

A reputable WordPress security plugin must be installed and active.

Examples include (but are not limited to):

  • Wordfence
  • iThemes Security / Solid Security
  • All In One WP Security

The security plugin should provide basic protection such as login rate limiting and malware scanning.

4. Protect the login page

At least one of the following must be enabled:

  • login rate limiting
  • CAPTCHA
  • two-factor authentication (recommended)

This significantly reduces brute-force and credential-stuffing attacks.

5. XML-RPC protection

  • XML-RPC must be disabled if it is not required, or
  • protected via a security plugin

Unprotected XML-RPC is a common attack vector.

6. File and plugin hygiene

  • No executable files or custom binaries should exist in the website document root
  • Plugins and themes must only be installed from trusted sources
  • Pirated, nulled, or unverified plugins/themes are not permitted

If your site is compromised

If a WordPress site is found to be compromised or generating malicious activity:

  • the site may be temporarily restricted to prevent further abuse
  • cleanup or rebuilding will be required before the site can be re-enabled

UK Cheapest offers a WordPress Rescue Service for customers who would like us to professionally clean and secure their site.

Important note

Meeting these minimum requirements significantly reduces risk, but no website can be guaranteed to be completely immune from attack. Ongoing maintenance and updates are essential for long-term security.

Need help?

If you would like assistance securing your WordPress site, or if you are unsure whether your site meets these requirements, please open a support ticket and our team will be happy to advise.

Are you still running your website on PHP 7.x or 8.0?

If your website is still running on PHP 7.x or 8.0, it’s time to take action. These versions are no longer supported and no longer receive security updates, which means your site could be vulnerable to attacks and compatibility issues.

The minimum safe version today is PHP 8.1, but for the best performance and long-term security, you should be using PHP 8.2 or 8.3.

Benefits of upgrading:

• Improved speed and performance
• Enhanced security features
• Full compatibility with modern software and frameworks

Not sure which version your website is using, or how to upgrade? Feel free to get in touch or leave a comment.

How to Install WordPress on Plesk Obsidian: A Beginner’s Guide

Installing WordPress on your UK Cheapest Plesk Obsidian server is incredibly easy, even if you’re new to web hosting. With Plesk’s user-friendly interface, you can set up WordPress in just a few clicks. Follow this guide to get your WordPress site up and running!

Step 1: Log In to Your Plesk Control Panel

Start by logging into your Plesk Obsidian control panel. You’ll find the login details in the welcome email from UK Cheapest, or you can log in at:

URL: https://your-domain.com:8443

Enter your username and password to access the dashboard.

Step 2: Go to the WordPress Toolkit

Once inside the Plesk dashboard, find the WordPress Toolkit on the left-hand menu. The WordPress Toolkit makes it simple to install, manage, and update your WordPress sites.

If you don’t see the WordPress Toolkit, navigate to Extensions in the menu and install the WordPress Toolkit extension for free.

Step 3: Install WordPress

With the WordPress Toolkit open, follow these steps to install WordPress:

  1. Click on Install WordPress in the top right corner.
  2. Select your domain or subdomain from the dropdown where you want to install WordPress.
  3. Choose installation path (leave blank if you want WordPress to be installed in the root directory of your domain).
  4. Under Installation Settings, enter your site title, admin username, password, and email. These will be used to log in to your WordPress dashboard.
  5. For security, make sure Enable HTTPS is checked if you have an SSL certificate installed. This will ensure that your site uses HTTPS.
  6. Click Install.

The installation process will begin, and within a few moments, your WordPress site will be ready!

Step 4: Access Your WordPress Admin Dashboard

Once WordPress is installed, you can access your WordPress admin dashboard:

  • In the Plesk dashboard, navigate to the WordPress Toolkit.
  • Under the list of installed WordPress sites, find your domain.
  • Click on the Log in to Admin Dashboard button. This will take you directly to the WordPress admin panel.

You can also access your dashboard by going to https://your-domain.com/wp-admin and entering your WordPress admin username and password.

Step 5: Customise Your WordPress Site

Now that you’re inside the WordPress dashboard, you can start customising your site:

  • Choose a theme by going to Appearance > Themes.
  • Install plugins by navigating to Plugins > Add New.
  • Create pages and posts from the Pages and Posts sections.

WordPress gives you complete control over your site, and with Plesk’s toolkit, managing updates, plugins, and security is easy.

Step 6: Enable Automatic Updates (Optional)

To keep your site secure and up to date, you can enable automatic updates for WordPress core, themes, and plugins:

  1. In the Plesk WordPress Toolkit, find your site and click Manage.
  2. Under Updates, enable automatic updates for WordPress core, plugins, and themes if desired.

If you haven’t already enabled SSL during the WordPress installation, you can do so now to secure your site with HTTPS:

  1. Go to Websites & Domains in the Plesk dashboard.
  2. Click on SSL/TLS Certificates under your domain.
  3. Select Let’s Encrypt to issue a free SSL certificate for your site.
  4. Once installed, Plesk will automatically configure your site to use HTTPS.

Congratulations! Your WordPress Site is Ready

That’s it! You’ve successfully installed WordPress on Plesk Obsidian. From here, you can start customising your site, installing plugins, and adding content. Thanks to Plesk’s easy-to-use interface, managing your WordPress site will be smooth and efficient.

Need further help? Don’t hesitate to reach out to our support team for assistance!

Web Hosting: How to Install WordPress

All UK Cheapest Web Hosting and Website Builder packages come with one-click WordPress installation support. The installation process is not as complex as you might think!

To install WordPress as a client using Plesk Obsidian for Linux, follow these steps:

Log In to Plesk:

  • Open your web browser and navigate to your Plesk control panel URL provided in your Web Hosting Settings email (usually https://your-domain-or-IP:8443).
  • Log in with your client or administrator credentials.

Access Your Domain:

  • Once logged in, click on the “Websites & Domains” tab.

Select the Domain:

  • Choose the domain where you want to install WordPress.

Install WordPress:

  • Scroll down to the “Web Applications” section.
  • Click on “View” under the “WordPress” option.

Install WordPress:

  • On the WordPress page, click the “Install” button.

Configure WordPress Installation:

  • You will be prompted to configure your WordPress installation:
    • Choose the version of WordPress you want to install.
    • Select the domain where you want to install WordPress.
    • Set the directory where WordPress will be installed (usually leave it empty to install in the root directory).
    • Enter a name for your WordPress website.
    • Create an administrator username and password.
    • Provide an administrator email address.
    • Configure additional settings like language and database prefix if needed.

Install WordPress:

  • Click the “Install” button to begin the installation process.

Completion and Access:

  • Once the installation is complete, you will see a confirmation message.
  • You can now access your WordPress site by going to your domain URL (e.g., https://your-domain.co.uk).

Login to WordPress Admin:

  • To access the WordPress admin dashboard, go to https://your-domain.co.uk/wp-admin.
  • Log in using the administrator username and password you created during installation.

Start Building Your Website:

You can now start customising your WordPress website, installing themes, plugins, and creating content through the WordPress admin dashboard.

That’s it! You have successfully installed WordPress using Plesk Obsidian for Linux. You can now build and manage your website with ease.