I recently received an email from my website host:
We are contacting you to inform you we have discovered malicious content on your account and have suspended the account to protect you and your visitors. You will need to either remove the malicious files or remove the malicious content from the files. You will also need to upgrade any outdated applications, themes, or plugins you are using and remove any that you are not using.
Yikes! I ALWAYS update my WordPress versions, plugin and themes. How could this happen? And now my site was down — suspended.
The email also gave me a list of malicious file names and folders to investigate, which I did immediately.
So here’s the story: I have a sub-domain of my signaturegd.com website that I use for testing sites. This sub-domain kinda fell off the radar and yep, I did not update it for many months.
What I eventually did was to delete the sub-domain, and also delete the malicious files that filtered into signaturegd.com. I contacted the host, they reviewed the site, and I was up and going again.
The moral of the story is to follow these 3 steps to help prevent malware and hackers from getting into your site: