I thought that .com was different than the .org multisite?

Beneath “This Account Has Been Suspended” it says, “Please contact the billing/support department as soon as possible.”

This message did not originate from my institution nor from any of the College’s personnel. We do not have a billing department because we are hosting our own multisite on our own server.

I am just perplexed about this issue.

Looking at the source code of the page, the suspended stuff was inserted directly into the middle of the head section. So, could be a plugin that is using wp_head to insert it, or it could be copypasted straight into the theme’s header.php file.

Scan the contents of the wp-content directories, specifically the themes and plugins directories. Look for that text “This Account Has Been Suspended”. You should be able to find it that way.

As to if it’s a hacked site or not, can’t say without more info. But the fact that it’s running a over 2 year old version of WordPress is indicative that it probably was. Even the 4.4 line is updated to 4.4.14 already, and most of those point releases were security related. Have them update to the latest version of WordPress, 4.9.4. And tell them to keep it up to date.

The college’s IT department has not been able to update to a more current version of WP due to file permission inconsistencies with php files. They have not been able to resolve that issue, even by attempting to manually updating WP. But that is a whole other topic, but it appears it might be effecting this current “This Account Has Been Suspended” issue.

I will scan the contents of the wp-content directories when I am on campus and able to access the server.

I appreciate your response. It has provided direction to an issue that I did not know where to turn. Thanks!

The college’s IT department has not been able to update to a more current version of WP due to file permission inconsistencies with php files.

I can help you with that one too. Feel free to pass them this information:

If this is a dedicated server, with no other sites on it, then the files should be owned by the webserver user account, such as apache/httpd/www/nobody or whatever is relevant. The permissions on all folders should be 755 or 750, the permissions on all files should be 644 or 640, with the exception that the wp-config.php file should be 440 or 400. The wp-content/uploads directory in particular should *not* have 777 permissions, but should also be 755 or 750.

If this is a shared server, with several different sites running on the shared webserver, then for maximum intra-user security, it should be configured to use a “php-fpm” configuration, or on older setups, “suexec” or “suphp”. This allows the Apache (or nginx) process to launch PHP as the owner of the files and not as the apache user account. In such a case, all WordPress files should be owned by that user account and group, not by the webserver’s own account. The permissions model is the same, only ownership is different. The php-fpm model is likely the most common secure configuration for shared servers.