UKC

My Website Has Been Compromised and Disabled – What Happens Next?

Last updated: 21 December 2025

If you are reading this page, it means your website was detected performing malicious or abusive activity and has been temporarily disabled to protect our network and other customers.

We understand this can be stressful. This page explains why this happenswhat your options are, and how we can help you get back online safely.

Why was my site disabled?

Your website was disabled because it showed signs of compromise, such as:

  • malicious outbound connections
  • brute-force or scanning activity
  • malware files detected in the website files
  • reports from our upstream providers or security partners

When this happens, we must act quickly to prevent:

  • further damage to your website
  • blacklisting of server IP addresses
  • disruption to other customers

Disabling access is a temporary containment measure, not a punishment.

What does “disabled” mean?

In most cases:

  • your website will not be publicly accessible
  • email services are not affected
  • your data has not been deleted

The site is simply prevented from loading until the issue is resolved.

Your options to get back online

You have three main options, depending on your situation.

If you would like us to handle everything for you, we offer a WordPress Rescue Service, which includes:

  • full malware and backdoor cleanup
  • removal of malicious files and processes
  • WordPress core, plugin, and theme updates
  • security hardening to reduce future risk
  • verification before re-enabling the site

This is the fastest and safest way to get your site back online.

👉 Ideal if you are not technical or want peace of mind.

Option 2 – Reset and reinstall WordPress

If you prefer to start fresh:

  • we can reset the website document root
  • you reinstall WordPress from scratch
  • you restore content manually or from a clean backup
  • security plugins and updates must be applied before reactivation

👉 Suitable if the site is small or content can be easily recreated.

Option 3 – Clean the site yourself

If you choose to clean the site yourself:

  • all malware and suspicious files must be removed
  • WordPress core, plugins, and themes must be updated
  • basic security measures must be in place
  • the site will be reviewed before re-enabling

Please note: incomplete cleanups often result in re-infection.

What happens after cleanup?

Once cleanup or rebuilding is complete:

  1. you notify our support team
  2. we verify the site is no longer compromised
  3. public access is restored

Preventing this from happening again

After recovery, we strongly recommend:

  • keeping WordPress, plugins, and themes updated
  • using strong passwords and two-factor authentication
  • running a reputable WordPress security plugin
  • removing unused plugins and themes

You can read our full Minimum WordPress Security Requirements article for details.

Need help deciding?

If you are unsure which option is best for you, open a support ticket and we will be happy to advise based on:

  • site size
  • content importance
  • technical experience
  • budget

Final note

Website compromises are unfortunately common and not a reflection on you.

What matters most is resolving the issue properly and preventing a repeat.

We’re here to help you get back online safely.

Minimum WordPress Security Requirements

Last updated: 21 December 2025

To protect our network and our customers, all WordPress websites hosted with UK Cheapest must meet the minimum security requirements outlined below.

Websites that do not meet these requirements are at a significantly higher risk of being hacked and may be temporarily restricted if they pose a security or abuse risk.

Why this is required

WordPress is a popular platform and is frequently targeted by automated attacks.

Most compromises occur due to:

  • outdated WordPress core
  • vulnerable or abandoned plugins
  • weak passwords
  • lack of basic security protection

Once a site is compromised, it can be used to send spam, perform attacks, or host malicious content. These activities can result in service disruption or action by upstream providers.

Minimum security requirements (mandatory)

All WordPress installations must meet all of the following requirements.

1. Keep WordPress fully up to date

  • WordPress core must be kept on the latest stable version
  • All themes and plugins must be kept up to date
  • Any themes or plugins that are not actively used must be deleted, not just disabled

2. Use strong login credentials

  • Strong, unique passwords must be used for all WordPress admin accounts
  • Do not reuse passwords from other websites or services
  • Remove any unused admin or user accounts

3. Install a security plugin

A reputable WordPress security plugin must be installed and active.

Examples include (but are not limited to):

  • Wordfence
  • iThemes Security / Solid Security
  • All In One WP Security

The security plugin should provide basic protection such as login rate limiting and malware scanning.

4. Protect the login page

At least one of the following must be enabled:

  • login rate limiting
  • CAPTCHA
  • two-factor authentication (recommended)

This significantly reduces brute-force and credential-stuffing attacks.

5. XML-RPC protection

  • XML-RPC must be disabled if it is not required, or
  • protected via a security plugin

Unprotected XML-RPC is a common attack vector.

6. File and plugin hygiene

  • No executable files or custom binaries should exist in the website document root
  • Plugins and themes must only be installed from trusted sources
  • Pirated, nulled, or unverified plugins/themes are not permitted

If your site is compromised

If a WordPress site is found to be compromised or generating malicious activity:

  • the site may be temporarily restricted to prevent further abuse
  • cleanup or rebuilding will be required before the site can be re-enabled

UK Cheapest offers a WordPress Rescue Service for customers who would like us to professionally clean and secure their site.

Important note

Meeting these minimum requirements significantly reduces risk, but no website can be guaranteed to be completely immune from attack. Ongoing maintenance and updates are essential for long-term security.

Need help?

If you would like assistance securing your WordPress site, or if you are unsure whether your site meets these requirements, please open a support ticket and our team will be happy to advise.

DKIM Support Now Available in the Client Area DNS Manager

We’re pleased to announce that you can now add DKIM (DomainKeys Identified Mail) records directly through the Client Area DNS Manager for all parked domains.

What is DKIM?

DKIM is an industry-standard email authentication system that helps protect your domain name from being used for spam or phishing. It works by digitally signing outgoing messages so that receiving mail servers can verify they were genuinely sent from your authorised mail source.

When DKIM is active:

  • Your emails are less likely to be marked as spam
  • Recipients can trust that messages really came from you
  • Your domain reputation and deliverability improve

How it Works

Every DKIM setup uses two keys:

  • private key, stored safely on the mail server that sends your messages
  • public key, published in your domain’s DNS as a TXT record

When an email is sent, your mail server signs it with the private key. The receiving system checks that signature using the public key in your DNS.

Adding DKIM in the Client Area

If your mail service (for example Google Workspace, Microsoft 365, or your own server) provides you with a DKIM record, you can now publish it in just a few clicks.

  1. Log in to your Client Area at https://www.uk-cheapest.co.uk
  2. Go to Domains → Manage Domain → DNS Manager
  3. Add a new TXT record
    • Host/Name: the DKIM selector (for example, default._domainkey)
    • Value: the full DKIM record starting with v=DKIM1; k=rsa; p=…
  4. Save changes and allow a few minutes for DNS to update

Once published, your mail provider’s DKIM checks should confirm that your domain is correctly authenticated.

Frequently Asked Questions

1. Do I need to set up DKIM for my domain?

If you send email using your domain name, yes – DKIM is strongly recommended. It helps protect your domain’s reputation and improves email delivery by verifying that messages weren’t altered in transit.

2. Where do I get my DKIM record?

Your DKIM record is generated by your email provider or mail server. For example, Google Workspace, Microsoft 365, or your web hosting control panel will each provide a v=DKIM1; p= record that you can copy and paste into your DNS Manager.

3. How long does it take for DKIM to start working?

Once you add your DKIM record, it can take anywhere from a few minutes to a few hours for DNS propagation. After that, emails sent from your domain should show as “signed” when checked by online DKIM testers.

4. Can I use DKIM on a parked domain?

Yes. Even if your domain is parked, you can add DKIM records in advance or if you’re routing mail through another system. This is especially useful for protecting your brand from spoofed messages.

5. What if my DKIM record doesn’t validate?

Check that your record is added as a single TXT entry, with no extra spaces, quotes, or missing characters. If you’re unsure, open a support ticket – our team will review your DNS record and help you get it verified.

Need Help?

If you’re unsure which DKIM record to use or your provider’s verification fails, open a support ticket and our team will review your DNS settings for you.

Tip: It’s normal to paste a DKIM record generated on another mail system into your DNS – just make sure it’s copied exactly as provided.

For further guidance, visit your email provider’s DKIM documentation or contact us anytime through the Client Area Support Centre.

Introducing UK Trade Finder – A Better Way for Homeowners and Tradespeople to Connect

UK Trade Finder was created by the team at UK Cheapest with a simple mission – to build a fair, transparent and genuinely helpful directory for UK trades. After years supporting small businesses with domains, hosting and online tools, we saw the same issue again and again: tradespeople were being overcharged for visibility, and homeowners were struggling to find trustworthy professionals.

So we built something better.

UK Trade Finder gives every tradesperson a free listing, with the option to upgrade to low cost premium tools starting from just £15 per month. There are no commissions, no contracts and no shared leads. Homeowners contact trades directly and all reviews require job evidence, keeping things honest and reliable on both sides.

The platform is designed to solve the frustrations that have grown around traditional trade directories. Our approach focuses on verified credentials, transparent pricing and genuine accountability, creating a place where reputation is earned properly.

As UK Cheapest continues helping UK businesses get online, UK Trade Finder is a natural extension of that mission. We’re proud to support the trades community with a fair platform built to serve, not exploit.

UKTradeFinder.com – coming soon.

FreeWebsite.org.uk: Build a Free Website in Minutes (No Ads, No Catch)

For many small businesses, freelancers and community groups, the hardest part of getting online is the ongoing cost of a website platform. FreeWebsite.org.uk removes that barrier. It’s a free website builder designed for the UK, offering drag-and-drop editing, secure hosting, SSL and built-in analytics – at £0, forever.

What you get (for free)

  • Drag-and-drop builder with modern, mobile-friendly templates
  • Pre-built sections: Hero, About, Services, FAQ, Map, Contact, Testimonials
  • Unlimited image uploads with secure cloud storage
  • UK hosting + SSL included, with automatic daily backups
  • Built-in analytics (real-time traffic, sources, devices)
  • No ads, no paywalls, no credit card required

You can publish instantly on a free subdomain (e.g. yoursite.freewebsite.org.uk/). If you prefer a custom domain, connect one easily via UK Cheapest.

How it works

  1. Choose a template – Clean, professional layouts optimised for mobile.
  2. Customise – Edit text, colours and images in a visual editor (no code).
  3. Publish – Go live immediately. Add your own domain any time.

Who it’s for

  • Small businesses & startups wanting a professional web presence without monthly fees
  • Freelancers & portfolios who need a simple, fast site they control
  • Community groups & charities looking for reliable, ad-free hosting at zero cost

Why “free” actually works

The platform is kept free by offering optional paid domain names through UK Cheapest. The website builder, hosting and analytics remain free so that cost never blocks you from getting online.

Key advantages vs typical “free” plans

Many free tiers from well-known builders place ads on your site, limit features, or require a paid upgrade for SSL and analytics. FreeWebsite.org.uk is different: no adsSSL included, and analytics included—so you can build and run a credible site without upsells.

Quick FAQ

Is it really free?

Yes. The builder, hosting, SSL, backups and analytics are free forever. No credit card required.

Can I use my own domain?

Yes. Keep the free subdomain or connect a custom domain via UK Cheapest at standard domain rates.

Do I need to code?

No. The editor is fully visual—drag, drop and publish.

Start here: Visit FreeWebsite.org.uk to build your free website today.