Here’s a scenario IT Arsenal  recently recently contacted about, it might sound familiar…

A panic’d emails comes through…

Hi, I received this email from my website host, Hostgator, GoDaddy, BlueHost, one of those, and it says my site is offline, or partially disabled due to malware, and then a long list of obscure files, locations and information!

What is this blather, wait, did I read my site it down?. Oh my gosh, it is!

That’s it.

Uhhh, okay, how do I fix this you’d ask yourself if you received this email. Sure there were some recommended actions with links to support articles in that confusing foreign sounding long string of words I didn’t really understand, but they don’t make anymore sense than the email itself.

What you do know is your website isn’t loading any longer.


Unfortunately this happens often in today’s constantly cyber attacked world, especially when you’re using a lower tier website host, like the ones mentioned above, and countless others. [which I have nothing against, you’re just not paying for a certain grade of security and customer support and most of the time you don’t need it and are unaware this could happen whens starting out with your site, so it hits you like a shock later]

What to Pre-do?

Well, if you could go back in time, I’d remind you, always have a backup of your website somewhere, through some plugin, service, or other. We’ve blogged about that plenty here, and drop us a note if you want personalized advice. If you have a backup, you can restore your site and then talk about security options.

We also recommend/ask about security tools on your site to prevent this, but we won’t go into that either since that’s not the scenario.

What to Do in the Moment

Since we can’t go back in time, what’s the next best steps?

  1. See if your website host has some sort of phone support and let them know you have no idea how to follow their instructions for cleaning your site of malware [which likely takes running scans and removing/replacing several files via FTP] – sometimes their support reps will use the tools at their disposal and simply clean things up, this is a bit of a shot in the dark, but it’s not that far fetched.
  2. Hire a service, like Sucuri to clean things up, however they are a bit templated in their actions, they have a great scanning/cleaning tool but it’s still on you to install, setup, configure and make sense of unless you pay some rather high prices. [$499 for their business package per year that isn’t clear on if you get phone support or not]
  3. Hire a small agency/consultant with less popularity/reputation to personally handle the situation. IT Arsenal would fall into this category by the way, you’d get custom hands on service, but yes, if you don’t know us, and that might seem scary. [it’s not 😁]

Hopefully this doesn’t happen to you, but if it does, now you have just a little bit more knowledge on how to act.

Questions about Malware/Hacks or how to clean up other issue to make your website better?

We love answering questions for free!