Website Malware


I’ve finished building a site for a client and was about to move it from my domain to theirs. however, when i tried accessing their current site i could not access the frontend nor backend, when i reached out to support they told me there is a virus on the site. Support recommended that I buy their website security plan, I’m just wondering is it necessary - if I delete the entire site as I am migrating the new one anyway, will that get rid of the malware?
Is there any other way to go about this?
If anyone could please advise


Can anyone advise? I have to get back to the client with options
Is GoDaddy security plan good?

I think penina is making a bar mitzva this shabbos, so she may not be on here. Maybe check with @schlomithsassoon

@gittyklein - A few more questions.

  1. Are you moving onto the same host?
  2. Do you need any of the old files?
  3. Can you open a new host and then just adjust the DNS to connect to the new host?

(For hosting I’d recommend SiteGround or Cloudways- NOT GoDaddy, have had numerous bad experiences in the last year or so with their hosting.)

  1. I am moving the site from my domain (siteground) to their current hosting (GoDaddy)
  2. I do not need any of the old files as we’ve built a completely new site
  3. I did not discuss with the client changing hosting as they seemed happy with their current hosting and this issue cropped up just now. Do you think I should suggest this option? their current plan only ends in 2026
    Really appreciate any advice and possible options

So YES- insist on moving to Siteground. They can get a refund from GoDaddy. The client sites that have had malware have almost all been on GoDaddy.
And then you’ll start with a fresh slate!

Let me know if this helps / if you have any further questions!

Thanks so much!
I just sent her an email, waiting to hear what she says to this

How can they get a refund from GoDaddy?

I’m pretty sure if they cancel they can request a refund for the prorated time that was not used.

I tried speaking to GoDaddy and te client tried as well but they will not give any refund.
GoDaddy are saying they should buy their security plan which offers a cleanup of the site.
Client is unsure what to do. Can they rely that Godaddy’s cleanup will completely get rid of the malware?