I have been using Bluehost for 5 years and have multiple accounts. About 2 years ago discovered that more and more of my websites were getting "hacked". Even websites that were custom built with no possible security holes are being hacked and malicious content added. Now I have an account with 15 add-on accounts and every single domain is giving me an error message saying the site is being linked to a malicious or phishing website. I have been on and off with support for the better part of 2 years and I have also changed FTP clients at least 4 times. I don't save my FTP login information anywhere and I have taken every step to keep my information protected. This is becoming way beyond frustrating.
About 6 months ago I decided to run a split test and see if it was indeed my software and not the hosting company. Bluehost always said it was my scripts causing the issue and I wanted to see if that was true. I purchased a cheap hosting account through another hosting company and uploaded my site and scripts there. The same website that Bluehost told me was the problem has been up and running actively for 6 months without a single issue. The same site that was "hacked" within 2 weeks on my Bluehost account. That makes me wonder...is it really the scripts I have running or the hosting company?
Here's something else interesting. I took a website that was a popular target for hackers on Bluehost and logged the files. There were 1,308 total scripts when I uploaded it to Bluehost. After about 2-3 weeks I started to get the malicious software error so I checked the scripts and now there was over 4,500! Something or someone had injected over 3,000 files onto my account. I uploaded the exact same site with the 1,308 files to the other hosting company and I just checked before starting this thread; 1,310 files (2 new ones were in the tmp folder). Not a bit of malicious content. No files injected into my account. And no error messages.
This leads me to believe that it's not my software and scripts that has security issues but instead Bluehost is the one that has the security issues. I can't say unequivocally that this is the case, but I have tested it numerous times and the results don't lie. I would love to stay with Bluehost, but this is scary since me and my family's livelihood depends on clients that have functioning websites and me not working 8 hours a day trying to find exploits and malicious content on all of my client's websites.
Anyone else encounter this problem? If so, did you test it and what was the outcome? Please don't take this as a knock on Bluehost...I would love to stay with them. I just want to get to the bottom of the issue because I'm spinning my wheels over here constantly fixing websites that weren't broke because of my scripts or security issues.