HostPapa Hosting Still Sucks: Now Extorts Customers

A few years back I blogged about HostPapa getting hit with a widespread hack that they lied to their customers about, and instead tried to blame on a non-existent WordPress security issue. More than just WordPress sites were affected, so obviously it was not that. It was most likely a cpanel bug that other hosting companies actually let their customers know about, and while they never did admit wrong eventually the sites stopped getting hit, so odds are they just quietly fixed it behind the scenes. However, since lying to your customers is bad form even if you eventually fix the problem, ever since then I have done my best to warn people against hosting with them. There are a ton of decent hosts out there at reasonable prices (my recommendation as always is Hostgator), so in this day and age there is no reason for anyone to go with (or stay with) one that gives crappy service.

A couple of days ago a woman named Kristina Birkhof (@sexypartyanimal) contacted me about helping her dehack her website,, since I clean hacked WordPress installations professionally. She said that HostPapa told her

that she could pay them $130.00 to clean the site, or they could delete the site altogether and she could start over. I let her know that the price itself for cleaning a site was not outrageous, and mine might be similar, as I charge $65 USD/hour and I can clean most sites in 1-2 hours. There were also other options I could have offered her, such as a barebones cleaning where I clean the guts and she re-installs a new theme and plugins (which takes me maybe 30 minutes to do). I needed to look at the actual site though in order to be able to know if this site would be an exception to the rule, so I asked her for her cpanel login so I could look into it.

After several tries by each of us to access it, including attempts to reset the password, she finally opened up a support ticket with HostPapa letting them know we couldn’t even get to the files or database to clean them. When she forwarded me their reply I was a bit shocked, as it turns out that HostPapa is claiming that the only way for her to grab a copy of her site, which she wrote and owns, is for her to pay them that $130 fee. This means she cannot clean the site herself (which the tutorial I linked to above teaches people to do for free), she cannot hire someone else to clean it, and she’s not even allowed to grab the site so she can switch hosts, unless she pays $130 to a company with a history of lying to their customers.

Thinking that this just must be someone answering support tickets who didn’t know what they were talking about, I opened up a chat with them, and I got told the exact same thing:

AbhijeetJ 4:51:33 PM I have checked from my end and found that the account is hacked and hence your account is current suspended. Unfortunately, you will not be able to access your cPanel, emails and website until the account is made free from malwares.

Michael VanDeMar 4:52:47 PM We need the cpanel backup to clean it, or at least ftp access.

Michael VanDeMar 4:53:34 PM Have someone run the backup, and put it somewhere we can download it.

AbhijeetJ 4:56:47 PM Unfortunately, we will not be able to access the account. You can either proceed for account reset or purchase our newly launched malware removal tool.

Michael VanDeMar 4:57:14 PM That’s extortion. What if she just wants to switch hosting?

AbhijeetJ 4:58:54 PM Unfortunately, as you are in shared hosting environment, access to the cPanel, FTP, emails and website cannot be provided as the account is infected with malwares.

Michael VanDeMar 5:00:00 PM And you are saying that your customers are not allowed to clean their own sites, is this correct? Their only option is to pay you, a host that has had known insecurities in the past, to clean it?

AbhijeetJ 5:01:02 PM Unfortunately, yes. You can proceed for a malware removal tool or account reset.

Michael VanDeMar 5:01:55 PM And you do realize this is unreasonable, yes? Not allowing people their own data so they can move elsewhere?

AbhijeetJ 5:02:22 PM If you want your data then you can go for a malware removal tool.

AbhijeetJ 5:02:39 PM Once done with it, you will be given access to your website files, databases and emails.

Michael VanDeMar 5:02:47 PM What if we want to use someone else’s malware removal?

AbhijeetJ 5:03:12 PM No, you will not be given access to the cPanel and FTP and hence you will not be able to use it.

So, obviously HostPapa has graduated from simply having shitty customer service to outright ripping off their customers and holding their data hostage. I cannot stress strongly enough how uncalled for and inappropriate this is in today’s hosting market. While I am certain that getting the word out won’t do anything to make Hostpapa see the error of their ways, please do let your friends know not to host there at least, to save them from this kind of harassment.

Be Sociable, Share!

10 thoughts on “HostPapa Hosting Still Sucks: Now Extorts Customers”

  1. I wish I saw this post before subscribing to this shitty hostpapa thing. In my case I paid for the Malware removal the first time. 2 months later I got another email that my account had been suspended for being hacked. This was frustrating…I requested that they provide me with the files from a clean backup I had already done, and they would not even give me back the back up files. I called and they said “We thing even the backup files may be affected”. If all files including the back up are affected, what then is the point of making the backup? They requested that I pay another $99 to get the files cleaned again…ridiculous!!! I am still fighting with them and all i want to do now is get my files and databases and move to a different host entirely. They will not even provide me with the files to move to a different host….how pathetic!!!!


  2. I’m going through the EXACT same thing right now. I am currently locked out of my website and have been told they will either erase it or I’ll have to pay $130 to clean everything. What horrible service. I’m disappointed. Thanks for sharing this story. Now I know I’m not crazy!

  3. This is happening to me to, it stinks of extortion, I only have a simple blog and the the corrupt wp theme or plugin can easily be deleted in the ftp, this is a joke, Hostpappa are the very worst hosts on the market, surely criminals!

  4. Here’s todays quote from their email:

    “However, we have one service through which we will clean all the infected files from your account, once done your website will be clean and ready to use and no need to reset your account. You will have to pay $129 + service tax per year for one website, where all your files will remain as it is and we will only remove infected files from your account. If it does get hacked again within a year it will clean your account again.

    If you are not ready for this option then a full account reset is required at this point. Unfortunately, you will lose ALL data including website files, email addresses and databases. As this is a destructive process, we need you to provide us with some information before we proceed.”

  5. It says here on a post on their website (19th Aug 2015):

    “An account can be suspended if HostPapa has been notified that it is currently hosting a malicious website seeking to extort personal information from third parties.”

    – which means they have no legal right to suspend our accounts.
    It is one thing to host a malicious website or such which is running criminal activity, and quite another to just have a bit of malware in a few wp plugins.

    They’re hiding behind this idea, so that they can extort their customers. its a total joke, bad business practice,and no doubt the company will soon go bust if they continue such action.
    I’m going to contact a lawyer.

  6. Olly, please feel free to tap me as an expert witness if you do. I am more than willing to testify that their procedures are unnecessary and are designed to extort money from their customers.

  7. Thanks Michael I hope it won’t have to come to that, but you are right. Thank you for the website and article as well.

  8. Hostpap takes advantage of their customers in several ways. The most recent experience I had with them is; I was prevented renewing my domain manually. They wanted it to go through automated process. A domain renewal of less than 15.00 dollars was jacked up to over 60.00 having addedd options that I never used or requested. Had to call them up, and during our conversation the rep toled me that hostpapa is aware of client’s dissatisfaction about this issue but they keep doing, And he suggested putting a negative comment might be the best way dealing with this issue.

  9. Couldn’t agree more. Their support’s strategy is to waste time. I have 10+ websites (I signed up during a flash sale) with them. ALL of them are offline for 2 days now and counting. They claim “resource violations” but the reality is that the sites have been hit by SE indexing. So they just turned them off. I didn’t even get an email.
    Even just trying to get an answer if they are going to re-activate it seems impossible. Asked this morning. 10 hours later still no reply.
    I’ve been in web development for over 30 years, ever since there’s the internet. Never experienced anything like this (and I’ve had my share of terrible hosters! Anybody remember Jumba now Uber I think.) But these clown at hostpapa really take the cake. Absolutely no idea about what they are doing. No technical knowledge and no internal communications. Absolutely disgusted. Several $1000 in advance. BIG MISTAKE!

Leave a Comment