Nexcess Logo

Migrations — how Nexcess handles websites infected with malware

Knowledge Base Home

Notice anything different?

We've enhanced the appearance of our portal and we're working on updating screenshots. Things might look different, but the functionality remains the same.
June 21, 2023

Moving from one hosting provider to another is both exciting and challenging. The idea of having all website data transferred to a new hosting infrastructure feels overwhelming to most business owners, and any additional complications can cause an enormous amount of stress.

One such complication is realizing your website is infected with malware that your previous hosting provider didn’t offer much assistance with. At that point, immediately addressing all security concerns prevents the issue from spreading further and putting your online presence at an even greater risk.

It is critical that malware cleanup is performed before starting the website migration process. This way, you can address all security concerns early on to prevent the issue from spreading further, putting your online presence at an even greater risk. In this context, let's discuss how Nexcess handles websites infected with malware.

About Nexcess migrations and websites infected with malware

Being a Nexcess client means that migration and support teams are standing by to assist with any serious issues you may encounter — especially during a malware infection emergency. And Nexcess offers free website migration for all clients, no matter what plan you choose, which hosting provider you’re switching from, or the current state of your website.

In this migration guide, you’ll learn how to clean up websites infected with malware. Plus, learn how the Nexcess migration team helps as you switch hosting providers — if even your website has existing malware issues.

A quick overview of Nexcess migration services

Our dedicated team of migration professionals will offer the necessary support and guidance and take it upon themselves to make the migration process as fast and headache free as possible.

To start migrating your website, all you need to do is submit a request from the Nexcess Client Portal, which is done using the Nexcess migration form. See the Nexcess Client Portal guide if you have any questions about using the portal itself.

Once your request is received, a migration specialist will contact you with further instructions, including an outline of the process and what to expect. You’ll receive a detailed description of all the stages of website migration, plus a time estimate of when your website will be online:

Once your request is received, a migration specialist will contact you with further instructions, including an outline of the process and what to expect. You’ll receive a detailed description of all the stages of website migration, plus a time estimate of when your website will be online.


The migration process at Nexcess consists of three main phases.

  1. Initial sync phase. When the migration process kicks off, our Nexcess migration specialists will review your current web hosting environment to identify any potential roadblocks. Then, they’ll set up the Nexcess hosting infrastructure and systematically transfer your website’s data to the new platform.
  2. Testing phase. Regarding this phase, we will turn everything over to you for testing. You can check whether your website still has all the data and functionality it usually does. As well, you can identify any issues or misconfigurations that may be present. If something is off, changes will be made. Once you have confirmed that your website works correctly on the new hosting infrastructure, we schedule the final sync with you.
  3. Final sync phase. Any changes will be confirmed for the new hosting environment during the final sync phase. Then, your domain settings will be updated so the public can reaccess the website. All data that has changed on the old host since the initial sync will be transferred to Nexcess. The DNS will be updated to make your website live from the Nexcess hosting platform. It should be duly noted that downtime is expected during this last step. Temporarily, your website(s) will be completely inaccessible while we transfer all data and the new DNS records are updated across the Internet.

The very real challenges of website migration

Website migrations make most business owners shiver. They picture the cumbersome process of moving volumes of data, setting up a new hosting infrastructure, and dealing with obscure, frustrating technical issues that can arise from migration. Some of the most frequent concerns expressed include losing mission-critical information, missing functions essential to the website, and suffering too much downtime.

These are especially frightening worries for enterprise-level businesses that have much more to lose from even minor mistakes. That’s why it’s not an easy decision to switch hosting providers. But it’s the right move as long as you’re switching to a hosting provider that the advantages necessary to grow your business. The key is making the transition as smooth as possible.

If your website is infected with malware

Security concern is one of the most common reasons people change hosting providers. Why? Malware infection is one of the most severe issues a website owner can encounter. In most cases, the site is infected with malware due to a host server’s lack of security measures or outdated software running on the website. You will need a competent hosting partner that is prepared to fix websites infected with malware.

Regardless of how the infection happened, a site infected with malware can be difficult to clean up. That leads to some questions. Can you proceed with your Nexcess migration of a website infected with malware? How do you know whether your website has malware, and what type? What support can you receive to deal with malware? You’ll understand all of this by the end of this article.

Can you migrate websites infected with malware to Nexcess?

In short — the answer is no — you cannot migrate your website to Nexcess if it’s currently infected with malware. Malware infections must be dealt with before moving to a new hosting infrastructure. Otherwise, you’d be risking your business and the new platform. If malware is allowed to, it can spread and cause catastrophic problems. Therefore, we need to see to restore websites infected with malware back to health.

Precautions involved when a site infected with malware needs to be migrated

No matter your initial reason for switching to Nexcess, malware is one of the most important factors to consider before starting the website migration process.

Ideally — before submitting a Nexcess migration request — you’d have your current host run malware scans on all your websites. Then, your current hosting provider would address any security issues. If that’s not possible, submit the Nexcess migration request anyway, and our specialists will help you perform full malware scanning.

Malware scanning before migration

Your website data is scanned at all stages of the migration process — with antivirus software and by manually checking files and code for any suspicions. This is a best practice followed in order to avoid having websites infected with malware.

The initial malware scanning will help identify any websites hacked to redirect users to malware sites or any signs of malware distribution.

If malware is identified on your website, the migration stops until all security issues are resolved. If the initial malware scans do not show any security threats, then the initial sync comes next, during which your website data is transferred to Nexcess infrastructure.

Malware scanning during the initial sync

During the initial data transfer stage, the Nexcess migration team will scan all website data again, this time more thoroughly. Every single website file and database file will be searched to identify any malicious files or injections. If security threats are detected, Nexcess will get back to you with a detailed report and recommendations to remedy the situation.

Migration will also be put on hold until the website infected with malware has been cleaned and secured. Then Nexcess will transfer all your website data over again.

Although the migration specialists will do their best to comprehensively describe the situation and include a list of malicious files, Nexcess does not offer malware cleanup services during the migration process. Keep reading to see what steps you can take to eliminate malware.

About the final sync and additional malware scanning

During the final sync, the Nexcess migration team will transfer all data that has changed on your website since the initial sync. This process involves additional malware scanning. If you have addressed all security issues, next up are the DNS updates, then your website goes live with Nexcess as its host.

Steps you should take to deal with a site infected with malware

The urgency and seriousness of a malware situation during the migration progress cannot be overstated. If malware is detected at any stage of the migration process, cleanup should be performed as soon as possible.

You will continue being charged for your hosting services, both at your previous hosting provider and at Nexcess, until you finalize your migration. Speed up this process by taking the seven steps below to finalize the migration to Nexcess as soon as possible:

  1. Review the results of the malware scans Nexcess provides.
  2. Remove the malware or restore your website from a clean backup.
  3. Scrutinize your website content, CMS admin users, and passwords.
  4. Remove unused scripts and addons installed from unverified sources.
  5. Update all software used with your website.
  6. Install security software as needed.
  7. Report back to Nexcess to rescan the website and resume the migration process.

Remember that you can receive advice at every step of the way. If you have any questions, concerns, or difficulties, please contact Nexcess any time by chat, phone, or email. Securing a WordPress website — in particular — is something Nexcess experts know tons about.

Regardless of your website’s platform, here’s a closer look at each step you’ll need to take to clean up a website infected with malware.

1. Review the results of the malware scans Nexcess provides

A Nexcess migration specialist will email you a list of malicious files, malicious code, and suspicious database entries. You’ll see a description of the issue and recommendations for getting rid of it. Review the email carefully, especially if you’re dealing with malware for the first time or you cannot get assistance from a developer.

2. Remove malware or restore your website from a clean backup

Most malware removal techniques can be summarized as two main approaches: Performing malware cleanup manually and restoring your website from a clean backup.

Examine all malicious files the Nexcess migration team has reported, including their contents and modification dates. You may be able to determine when the website was hacked and choose the best way to restore its functionality.

As the website is still hosted by your current provider, reach out to their support team for additional assistance. A support administrator will usually help restore your website if there’s a backup provided. Often times malware removal falls beyond the scope of support of most hosting companies. But if you have a list of malicious files or injections to delete, a support administrator can help you with it.

3. Scrutinize your website content, CMS admin users, and passwords

Even the best malware scans cannot identify 100% of the malicious code injected into your website. Manually reviewing your website content is the best way to find all backdoors, which include malicious shells and hacked plugins or extensions.

What you’re looking for is any sign of obfuscated code, conspicuous files, or database entries unaccounted for. Strangely named files, functions, or unusual lines of code inside known scripts — these and similar phenomena can indicate malicious code on your website.

After gaining access to a website, hackers often create new CMS admin users and even email addresses. Review all admin users and remove those you are not familiar with.

Changing your passwords is one of the most critical steps, especially if you don’t know exactly how the malware made it into your website. Change the password for your current web hosting panel. Then, change all FTP, MySQL, MariaDB, and CMS admin passwords. This action ensures the website does not get reinfected with malware.

4. Remove unused scripts and addons installed from unverified sources

Free your website from unused scripts, outdated software, and addons from questionable sources. These three factors are among the top reasons websites get infected with malware.

5. Update all software used with your website

Update your website’s CMS installation, active theme, and all plugins and extensions. Using a software’s latest version will significantly reduce the likelihood of an attack. That’s because software publishers periodically add protections from known vulnerabilities — but you’ll have to update to receive the safer code.

6. Install security software as needed

Securing your website helps make sure the attacker can’t get access to your website again through a backdoor they left. Consider again the description of the malware issue. If you don’t have adequate security coverage against it, switch to better software.

If you have adequate security software, ensure it’s updated. If it was updated even at the time of the attack, contact the brand’s support team to get an idea of how the malware attack bypassed security.

7. Report back to Nexcess to rescan the website and resume migration

Once you have followed all the steps above and ensured your website no longer houses any threat, Nexcess migration specialists can proceed with the data transfer. If you got stuck somewhere along the way, contact the Nexcess support team.

Additional benefits of the security features that come with Nexcess web hosting plans

Nexcess offers enterprise-grade security on all hosting plans. We provide a combination of excellent server-side security measures implemented and robust application-level security solutions, such as Solid Security Pro, an industry-leading WordPress security plugin. In the next two sections, let’s take a closer look at what security improvements to expect when you migrate to Nexcess hosting from another hosting provider.

Advanced Nexcess server-side security

Nexcess honors the principle of least privilege as the cornerstone of our server-side security measures. To build a secure hosting infrastructure, Nexcess configures secure permissions and employs advanced firewall rules.

This way, we eliminate the possibility of privilege escalation and reduce the attack surface significantly by filtering out the vast majority of malicious requests coming to your website, thus protecting you from database injection and cross site scripting attacks.

Nexcess website-level security

Security on the website level is ensured by active malware monitoring and a number of other solutions as part of our proactive approach to dealing with an increasing spread of malware globally.

Automatic software updates, along with advanced development tools such as Nexcess development sites and additional staging environments, lie at the heart of malware prevention. Daily off-site backups offered by Nexcess offer a way to quickly recover from malware attacks of all kinds.

Let Nexcess help you maintain website health

Websites infected with malware can become a serious problem, especially when you have decided to move to another hosting provider. But now you know how to deal with the issue effectively and quickly.

What are website migration services?

A website hosting migration is when you move all or part of your website to a new provider. This may be the result of poor performance, lack of application support, or limited bandwidth. For many, migrating to a new host seems risky and difficult.

Nexcess has highly skilled migration professionals who will help you perform a full malware scan of your website and give valuable recommendations to remedy the situation. Follow the seven-step malware cleanup process to address all security issues in a timely manner, then bring your websites over to Nexcess.

As the global leader in managed hosting, Nexcess offers enterprise-grade security. You’ll also enjoy free white glove migrations with minimum downtime and full support from industry experts. Pick a managed hosting plan from Nexcess and get started.

Kiki Sheldon
Kiki Sheldon


Kiki works as a Security Specialist for Liquid Web. Before joining the Abuse & Security Operations Department, she worked on the Liquid Web Managed Hosting Support Team, where she gained extensive knowledge of Linux System Administration and popular Content Management Systems (CMSs).

Kiki’s passion for writing allows her to share her professional expertise and help others. She keeps up with technology and always looks to improve her technical skills. In her free time, she enjoys reading, especially classic books and detective stories.

We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.