Do you have single or multiple websites that keep getting hacked? Does your server get compromised quite often?
The reason could be that your web host is experiencing security breaches because of insufficient server security.
But in 95% of hacking cases, the vulnerability lies at the end of the website owner. It means that you fail to provide enough security to your websites, thereby making them vulnerable to hacking attacks.
In the past, I’ve cleaned and secured several websites of my clients that were infected with malware. I’m sharing this detailed tutorial with you hoping that it will help you solve similar issues you have been facing.
In this article, I’ll discuss the reason for the hacking of HostGator websites, how to fix the issue, and how to secure your HostGator website from future attacks. I’ll also be covering the frequently asked queries related to HostGator hacking to answer all your questions.
Why was the HostGator website hacked?
Some possibilities might have led to the hacking of the HostGator website:
The most common cause of a hacked website is WordPress plugins. Since WordPress is the popularly used CMS, hackers who are aiming for bulk attacks focus on WordPress websites.
Such online fraudsters probably use automated scanning techniques to exploit WordPress websites and plugins without human intervention.
Using a dummy or a generic password that you use on other platforms can also make your WordPress website vulnerable. Hackers can easily crack such weak passwords and enter malicious code into your website.
Installations from untrusted sources
Installing WordPress plugins and themes from untrusted sources might also be a reason for the HostGator hacked website. There are high chances of security vulnerabilities in such themes and plugins that can cause hacking attacks.
Outdated themes and plugins
Unused themes and old plugins can open the gates of your website for online fraud. Out-of-date WordPress plugins and themes make your website vulnerable.
If you have multiple websites under the same HostGator account, they all must have been compromised and infected since they share the same cPanel. Google will show a “hacked” notice like the one shown below for all these websites:
How to fix the HostGator Hacked Website and Account Suspended issue?
Before moving to the steps to fix your hacked HostGator website, let us discuss the way to investigate how your WordPress or any other website got compromised.
Consider reviewing your Apache access logs to see the post requests immediately before any file changes were made. It will give you an idea about the unauthorized requests and might throw some light on where the security vulnerability lies.
Let us now discuss the steps to fix the HostGator hacked website:
Step 1: Move to a reseller plan (optional)
If you are running multiple websites from the same hosting account, consider moving to a reseller plan. It will allow you to isolate all your websites by migrating them to their unique cPanel accounts.
This way, if one of your websites is attacked, its negative impact will remain within that account. Since all your other websites are on different cPanels, they won’t be affected by this hacking attempt.
Step 2: Manually clean
Consider cleaning your website manually to make it free from malware. Replace all the old core files of your WordPress website with the new ones. Ensure that you create a backup of your data before this step.
Additionally, check your site files for any backdoors by finding the following keywords:
Step 3: Install Security plugins for malware removal
Installing security plugins on your website for removing malware will ensure complete cleaning. Here are some security plugins that will help solve this purpose:
Wordfence is the best overall security solution for WordPress websites. It includes an endpoint firewall even with its free version. When using the free version, you can follow the detailed instructions provided by Wordfence to clean your website.
The helpful guide containing the instructions can be found here:
On the other hand, you can also choose to take help from the Wordfence security experts to remove your website malware. Their hack removal service is quite inexpensive and you can choose between Wordfence Care and Wordfence Response, depending on your urgency level.
You can get the free Wordfence plugin for your HostGator website here.
Anti-Malware Security and Brute-Force Firewall (for scanning)
It is an excellent WordPress plugin for scanning threats and vulnerabilities on your website. This plugin is capable of detecting malware that Wordfence might sometimes fail to detect. So Wordfence and the anti-malware security plugin complete each other.
You can get the free Anti-malware Security and Brute-Force Firewall plugin for your HostGator website here.
Step 4: Restore older version
In addition to the above steps, you can also try restoring an older version of your website. Choose a version immediately before the hacking took place for this purpose.
If, by any chance, you do not have a site backup, consider creating one periodically as soon as you clean your HostGator website. Utilize a WordPress plugin like UpdraftPlus for creating regular website backups instead of using the paid backup addon provided by HostGator.
Step 5: Hire a Developer
A professional web developer can do the site cleaning job much more efficiently than you because he has more knowledge and experience of this work. Hire a developer to fix the HostGator hacked website and account suspended issue for a much more convenient and happier experience.
A professional can:
- Detect the source of the hack
- Clean your website
- Ensure to strengthen its security level to prevent it from future attacks.
Also, being an expert, he might have probably dealt with a similar issue in the past, so he can fix your website much faster. It saves you time and minimizes your website downtime.
Step 6: Rebuild your site (optional)
If possible, consider rebuilding your websites from scratch by importing all your content instead of cleaning them up. This solution is particularly useful when you are facing the HostGator hacked website issue repeatedly.
Rebuilding the website might be more time-efficient than finding the cause of hacking and cleaning your website over and over again. It could also be a great solution for those who are not in a position to spend money on getting the malware removed.
Starting with a fresh WordPress installation will provide you with a fully clean website, free from malware. You can, then, add proper security measures to this newly created website to prevent it from future hacking attacks.
In the end, it depends on how hard it is to rebuild your website. If your site is too old, it might not be possible to rebuild it because of the large quantity of content. In such a case, it is better to restore your website to a point immediately before the hacking took place.
How to prevent being hacked again?
With HostGator websites being hacked regularly, you cannot count on the host to technically assist you with security issues. So only you are responsible for the safety of your HostGator websites. Hopefully, the following tutorial will help you keep your sites safe:
1. Upgrade to a VPS or Dedicated hosting plan
The best way to protect your websites during a hacking attack is to keep them separate in their unique cPanel accounts.
In such a case, your account no.1 will be completely disconnected from account no. 2. So an attacker who has entered your account no.1 will not be able to enter account no.2 due to lack of permissions to access the files belonging to the latter.
To separate all your HostGator websites, you can either consider investing in a reseller account or go for a VPS or dedicated hosting plan with cPanel. You can, therefore, create separate hosting accounts for each of your websites.
Alternatively, you can also consider buying individual hosting packages for all your websites to keep them isolated from each other. I have a customer who uses this strategy and successfully protects all his websites.
2. Fix Server Misconfigurations
Your server configurations can also make your website vulnerable so fixing the server misconfigurations will help you secure your website.
Weak file permissions: The online attackers can access .htaccess or other sensitive files if you fail to set file permissions properly. Such hackers can, then, easily inject malware into your HostGator website by modifying these sensitive files.
Open ports: Open ports are an entry point for hackers. Make sure that you do not have open ports when using the HostGator VPS plans.
Enable two-factor authentication: Two-factor authentication makes it almost impossible for attackers to enter your website. So consider enabling it for your HostGator website from the cPanel.
Remove old files: Old and outdated files also make your website vulnerable to online attacks. So clear your HostGator website of all outdated license files and old software.
3. Keep everything updated
Keep all your website resources, including WordPress core files, themes, and plugins updated. Also, download them from trustworthy marketplaces only.
4. Optimize security plugin
Install a reliable security plugin like Wordfence to your website. Ensure to optimize it efficiently by properly setting it up and strengthening the security settings. You will find dozens of tutorials online for securing your website with Wordfence if needed.
You will find one such helpful guide for protecting your WordPress website with Wordfence here:
5. Check anonymous accounts
Consider reviewing the user accounts on your website and the strength of passwords regularly to prevent the entry of hackers to your site.
Additionally, after the cleaning process, make sure you change all your passwords, and that includes (Database, WordPress, FTP).
6. Migrate to a different host
The shared hosting plans on HostGator are a big consideration when hacking is the issue. Your website is never secure on a shared hosting server and HostGator does not offer any help if other users on the same server breach your space.
So it is best to migrate to a different host since HostGator is not reputable enough. Move your websites to a host who performs the latest and regular security updates.
What to look for in the new host?
Consider moving to a managed hosting solution provided by a host with good security practices. It would be best if the new host uses a firewall system like Cloudways does to protect its servers and websites residing on them from malware.
Note: An unmanaged VPS or dedicated server can be more vulnerable than a shared hosting server when you have no technical knowledge. Such servers are not configured as secured by default but require some technical knowledge to make them more secure than shared hosting.
So I recommend choosing a managed hosting solution where your host takes care of all the security aspects related to your server and websites thereon.
Is HostGator SiteLock worth buying?
No, HostGator SiteLock is not worth buying. HostGator customer support recommends purchasing a SiteLock subscription when a WordPress website gets hacked.
WordPress is constantly on the target of hackers since it is used by the majority of website owners. If a website fails to plug a vulnerability, an attacker will find it for exploitation. Unfortunately, HostGator SiteLock will not be able to do much for your website.
Reviews of Hostgator customers
Let’s look at what HostGator customers have to say about its security. Here are some reviews about the host from Trustpilot:
Note: Many standard antivirus or malware scanners don’t do any satisfactory job, including HostGator SiteLock. So depending only on these security solutions will not fully protect your website.
If your HostGator website was hacked, there are high chances of your website getting compromised again even if you take it to another host or rebuild it with a fresh WordPress installation unless you learn to secure your WordPress site properly.
Though most hosting companies focus on high turnaround and profit with low overhead costs, some hosts believe in investing in the latest technologies. You will find some hosting providers who do not use standard, freeware scanners but invest in commercial security software to offer advanced protection to your websites.
Moving to a host offering the basic security essentials without any additional charges is the best solution for most HostGator website owners affected by hacks. Cloudways is one such reliable solution that offers:
- Dedicated firewall and bot protection
- DDoS protection
- Application isolation
FAQ (Frequently Asked Questions)
📌 How does HostGator deal with the hack?
HostGator has a policy that accepts a maximum of 3 security strikes. For the first 2 attacks, the host allows you to self-clean your website and reinstate you without any questions.
However, after the 3rd attack, HostGator asks for proof from a security service to ensure that you have properly cleaned your website of all the malware before it takes you back on its server.
📌 Is HostGator secure?
No, HostGator is not secure enough. If your websites are not isolated and remain within the same account, hacking of a single website will lead to compromising all of them.
Shared hosting environments do not offer much security to your websites. A user on the same server can blacklist the server IP resulting in your domain getting blacklisted too. You might also experience a file compromise due to the shared resources and lack of protection offered by HostGator.
📌 Is HostGator email safe?
No, HostGator email is not fully safe. Shared hosting email services generally offer poor protection against spam, so expect to receive a lot of them.
📌 Should you upgrade?
Yes, upgrading to a managed server might be beneficial if you have no technical knowledge. Apart from the security of your server, you also need to take care of any vulnerability in your plugins. Update them regularly to prevent hacking attacks.