Last updated: 21 December 2025
If you are reading this page, it means your website was detected performing malicious or abusive activity and has been temporarily disabled to protect our network and other customers.
We understand this can be stressful. This page explains why this happens, what your options are, and how we can help you get back online safely.
Why was my site disabled?
Your website was disabled because it showed signs of compromise, such as:
- malicious outbound connections
- brute-force or scanning activity
- malware files detected in the website files
- reports from our upstream providers or security partners
When this happens, we must act quickly to prevent:
- further damage to your website
- blacklisting of server IP addresses
- disruption to other customers
Disabling access is a temporary containment measure, not a punishment.
What does “disabled” mean?
In most cases:
- your website will not be publicly accessible
- email services are not affected
- your data has not been deleted
The site is simply prevented from loading until the issue is resolved.
Your options to get back online
You have three main options, depending on your situation.
Option 1 – WordPress Rescue Service (recommended)
If you would like us to handle everything for you, we offer a WordPress Rescue Service, which includes:
- full malware and backdoor cleanup
- removal of malicious files and processes
- WordPress core, plugin, and theme updates
- security hardening to reduce future risk
- verification before re-enabling the site
This is the fastest and safest way to get your site back online.
👉 Ideal if you are not technical or want peace of mind.
Option 2 – Reset and reinstall WordPress
If you prefer to start fresh:
- we can reset the website document root
- you reinstall WordPress from scratch
- you restore content manually or from a clean backup
- security plugins and updates must be applied before reactivation
👉 Suitable if the site is small or content can be easily recreated.
Option 3 – Clean the site yourself
If you choose to clean the site yourself:
- all malware and suspicious files must be removed
- WordPress core, plugins, and themes must be updated
- basic security measures must be in place
- the site will be reviewed before re-enabling
Please note: incomplete cleanups often result in re-infection.
What happens after cleanup?
Once cleanup or rebuilding is complete:
- you notify our support team
- we verify the site is no longer compromised
- public access is restored
Preventing this from happening again
After recovery, we strongly recommend:
- keeping WordPress, plugins, and themes updated
- using strong passwords and two-factor authentication
- running a reputable WordPress security plugin
- removing unused plugins and themes
You can read our full Minimum WordPress Security Requirements article for details.
Need help deciding?
If you are unsure which option is best for you, open a support ticket and we will be happy to advise based on:
- site size
- content importance
- technical experience
- budget
Final note
Website compromises are unfortunately common and not a reflection on you.
What matters most is resolving the issue properly and preventing a repeat.
We’re here to help you get back online safely.