When you submit a WordPress Site Cleanup request, the scope of what our engineers can do depends heavily on whether the site is publicly reachable at the time of the request. This article explains what changes — and what doesn't — when a site is offline, suspended, or otherwise blocked from public traffic.
How Our Cleanup Tools Work
Our remediation process relies on a thin client (monarx-analyzer.php) that we deploy to your site during the cleanup. This file acts as a secure bridge between our engineers' tools and your WordPress environment. When the site is publicly accessible, this connection allows us to run a full suite of WordPress-specific diagnostics and remediation actions — not just file scanning.
When the site cannot be reached over HTTP/HTTPS, that bridge cannot be established, and a significant portion of our toolkit becomes unavailable.
What We Can Do in Each Scenario
✅ Site Is Publicly Accessible
When the site loads normally over HTTPS and all technical requirements are met, our engineers have access to the full cleanup toolkit, which includes:
WordPress-Specific Diagnostics & Remediation
Scan and clean the WordPress database for malware and injected content.
Detect and remove rogue administrator accounts
Reset WordPress user passwords
Perform integrity checks on WordPress Core, plugins, and themes against their official checksums
Reinstall, activate, or deactivate plugins and themes as needed
File-Level Remediation
Detect and remove malicious files
Clean injected malware from compromised files (such as modified theme files or
wp-config.php)Act according to your configured Monarx agent policy for file handling
⚠️ Site Is Not Publicly Accessible
If the site is suspended, returning DNS errors, blocked behind an HTTP authentication gate, or otherwise unreachable from the public internet, our thin client cannot be reached. In this scenario, WordPress-specific diagnostics are not available.
Our engineers will be limited to file-level remediation only, based entirely on what the Monarx agent has already detected on disk:
🏁 What remains available:
Removal of files identified as malicious by the agent
Cleaning of injected malware from compromised files
All actions will follow your configured agent policy
🚫 What is not available:
Database scanning and cleaning
Rogue admin detection and removal
Password resets
WordPress Core / plugin / theme integrity checks
Plugin or theme reinstallation, activation, or deactivation
This means that even if file-level malware is successfully remediated, any infection that has already propagated to the database — such as spam content, injected links, or persistent backdoor entries — will remain unaddressed until the site becomes publicly accessible and a new cleanup can be performed.
Common Reasons a Site May Be Inaccessible
The domain has expired or DNS is pointed to a different server
The site has been suspended by the hosting provider
The site is returning HTTP 4xx or 5xx errors
The site is behind an HTTP authentication gate (htpasswd / basic auth)
A WAF or firewall is blocking our IPs — see How to Whitelist Monarx IPs
Recommendation
Whenever possible, restore public accessibility before submitting your Site Cleanup request. If you need to keep the site restricted for security or business reasons, whitelist the Monarx IP addresses so our tools can connect without exposing the site to general traffic.
If you submit a request while the site is inaccessible, our engineers will perform what file-level remediation is possible and provide feedback on what remains to be addressed once the site is back online. You are welcome to re-submit once the site is publicly reachable to complete the full cleanup.