Why is my Website Suspended?
What does it mean when a website is suspended? The answer to that question probably depends on who you ask. For your finance team, it means a loss of revenue. For your sales team, it means lost conversions. For your legal team, it means potential issues with data protection. For your IT team, it means a problem they need to solve - quickly.
What does it mean when a website is suspended?
From the perspective of the IT team, the question “What does it mean when a website is suspended?” translates as “What specific issue led to the suspension and what do I have to do to fix it?”.
The good news is that there is at least a reasonable chance that the authority behind the suspension will be able to give you detailed information on why they imposed it. This can do a lot to cut down the time it takes to get your website back online. Even if they don’t, working through a fairly standard process should get you back in business in the shortest possible time. Here is what you need to know.
Check a suspension notice is genuine before you act on it
Always remember that any notice about any sort of suspension could be a phishing email. Make sure you check that a suspension notice is actually genuine before you act on it in any way.
Scan your site for malware
Assuming the notice turns out to be genuine, your first step is to sign up for a website vulnerability scanner and have it scan your site. Each vendor will have its own offering but any website vulnerability scanner worth the name will have an anti-malware scanner (and a web applications firewall).
Also scan your local devices, including your mobile devices, especially the ones you use to connect to the back end of your website. You may find that the hacker gained entry by compromising your local devices and getting an administrator’s username and password.
Back up everything (again)
If you’re lucky, the initial malware scan will have solved the problem and you’ll be able to move on to the final stages of getting your website reactivated. In that case, you’re simply taking a regular backup as, hopefully, you’ve been doing already.
If, however, you’re not that lucky, it’s still worth taking a backup in case you experience any issues during the clean-up process. In particular, you want to back up any custom content as you will not be able to replace this if it gets deleted or damaged.
Choose between a cleanup and a fresh install
Cleaning up a website means going through the files and database tables manually to find any malicious code left by the hackers (there’s usually some) and deleting it. Get it wrong and you could either leave your website open to further attacks or break an essential function.
This means that you either need to have skilled in-house staff who can handle getting up close and personal with code, or hire a professional or just forget about trying to clean up your website and go for a fresh install.
As a rule of thumb, the more work you have done on customizing your website the more worthwhile it is to try cleaning it up and vice versa. If your website is basically a template with a few tweaks you could reproduce fairly easily, then there’s a strong argument for just doing a fresh install and starting again.
Review and update all software you use
You’re probably going to stick with the same content management system as moving to a new CMS would generally be quite a major change. You should, however, make sure that you update it to the latest version. This will happen automatically if you do a clean install. You should also review any and all third-party add-ons to determine if they are actually necessary (or at least very much wanted). Remove any which are not and update any which remain.
Commit to keeping all your software promptly updated as outdated software is a major security hazard.
Check and clean up your administrator accounts
Go through your website administrators and see if there are any usernames that shouldn’t be there. If there are, remove them and then have everyone change their passwords. If administrators aren’t around to change their passwords, either downgrade them to regular users until they can or just revoke their access and create a new account for them when they are around. Now is a good time to review your list of legitimate administrators and see if it could be trimmed at all.
Please click here now to have your website scanned, for free, by cWatch from Comodo.
