The site is down, revenue is frozen, and the temptation is to start changing things at random. Do the opposite. First, confirm the outage is real and how wide it is: load the site from your phone on cellular data, not your office wifi, and run the URL through a free checker like Down for Everyone or Just Me. If it fails from more than one network, you have a real outage, and the rest of this post is your checklist for the next hour.
Take a breath before you touch anything. Most outages are boring: an expired domain, a bad plugin update, a hosting hiccup, a certificate that lapsed. Boring problems have known fixes. Work the list in order and resist the urge to change five things at once, because the site that comes back up needs to tell you which change brought it back.
How do I confirm the site is actually down?
Test from a network that has nothing to do with your building. If the site loads on your phone over cellular but fails on your office wifi, the problem is local and your customers never saw it. If it fails everywhere, the outage is real and you can stop second-guessing.
Then measure the blast radius. Is the whole site dead, or one page? Does the homepage load while checkout fails? Can you still log into your admin dashboard? A fully dark site points at hosting, domain, or DNS. A site that half-works points at something inside it, usually a recent change.
Whatever you find, write down the exact error text and take screenshots with timestamps. That record makes your host’s support faster and your post-mortem honest.
Is it hosting, the domain, DNS, or SSL?
Check in this order: your host’s status page, your domain’s expiration date, your DNS settings, then your SSL certificate. The error on screen usually tells you which layer broke before you check anything.
A rough decoder:
- The page times out, or you see a 500, 502, or 503 error. Start with hosting. Every major platform publishes a status page (Shopify, WP Engine, GoDaddy, Bluehost, all of them). If your host is having a bad day, there is nothing to fix on your end. Skip ahead to the communication step.
- You land on a parking page or “this domain may be for sale.” Your domain registration expired. Log into your registrar and renew it. An expired card on auto-renew is one of the most common self-inflicted outages we see.
- “Server not found,” or the site works for some people and fails for others. That pattern is DNS. Ask whether anyone touched DNS records or nameservers recently. DNS changes take hours to spread across the internet, so a morning mistake can surface at lunch.
- A “your connection is not private” warning. The SSL certificate expired or got misconfigured. The server underneath is probably fine. Renew the certificate through your host or certificate provider.
- A suspension notice from your host. Unpaid invoice, resource abuse, or a malware flag. Call the host directly. Nothing else on this list matters until that conversation happens.
One more question worth asking out loud: did anyone change anything in the last day or two? A plugin update, a theme edit, a new integration, a DNS tweak. The most recent change is the prime suspect. Roll it back before you go digging deeper.
What if the site was hacked?
Redirects to strange sites, pages you never wrote, defaced content, or a browser warning that the site may be harmful all point to a compromise rather than an outage. Change your hosting and CMS passwords immediately, contact your host, and plan to restore from a clean backup instead of patching the damage you can see. Attackers almost always leave more behind than the obvious mess.
Put the site into maintenance mode if you can, so visitors stop landing on infected pages. Resist the urge to delete suspicious files right away; your host’s security team may need them to find the entry point. Once you restore, update the CMS, every plugin, and every theme, and remove any admin accounts you don’t recognize. If customer data may have been exposed, tell those customers plainly. The message is uncomfortable for a day. The cover-up is uncomfortable for years.
Who do I tell, and what do I say?
Tell your own team first so nobody makes overlapping changes, then tell customers where they actually look: your Google Business Profile, your social accounts, and email if the outage stretches past a few hours. Keep the message short and plain. “Our website is down and we’re working on it. You can still reach us by phone” covers it.
Two things people forget mid-panic. Pause any ads pointing at the dead site, because paid clicks to an error page are money spent on frustrating people. And skip the spin. Calling an outage “scheduled maintenance” fools nobody and costs trust you’ll want later.
How do I actually get it back up?
Three paths, in order of preference: roll back the most recent change, restore from a backup, or escalate to your host’s support with your screenshots and timeline. If the outage is on your platform’s side, your only job is communicating while they fix it.
Backups deserve a hard look right now. Find out where they live, how far back they go, and whether anyone has ever tested a restore. Retention windows vary widely by host, and a restore rolls the site back to the moment of the backup, so note any orders or form submissions that arrived since.
If you can’t find the credentials, the backups, or the developer who set everything up, you’re in the exact situation our emergency support service exists for. We won’t quote a fix time before we’ve seen the problem, and you should be suspicious of anyone who will. Call 813-531-9400 and we’ll tell you what we find.
What should happen once the site is back?
Write down what happened while it’s fresh: a timeline, the root cause, and the one change that would have prevented it. Then spend an hour making the next outage boring: uptime monitoring that texts you, auto-renew with a current card on the domain and certificate, offsite backups you’ve actually test-restored, and a one-page document with every login your site depends on.
We’re in Tampa, and every June we watch local businesses relearn this during hurricane season. Your hosting probably sits in a data center far from the storm, but your office, your laptop, and the sticky note with the passwords do not. The break-glass document has to be reachable from a phone with the power out. The same logic holds nationally, whether your threat is a hurricane, a blizzard, or a backhoe finding a fiber line.
And if the outage traced back to a fragile site, aged plugins, no backups, a host nobody remembers choosing, treat this as the warning shot. Rebuilding on a maintained foundation costs less than the second outage. Start with foundational work before anything flashier.
Common questions
Will downtime hurt my Google rankings? A few hours almost never does. Outages that run for days can, because Google recrawls failing pages and may drop them. Fix the site first; rankings tend to recover once it’s stable again.
Should I call my host or my developer first? Read the error first. Host errors and suspension notices go to the host. A break right after an update goes to whoever made the change. If you genuinely can’t tell, call whoever answers fastest and share your screenshots.
How long should a fix take? Renewals and rollbacks are often quick. DNS problems can linger for hours after the correct fix because of propagation. Hack cleanup takes the longest, so set expectations in days.
How do I hear about the next outage before my customers do? Set up a free uptime monitor that pings your site every few minutes and alerts your phone. It takes a few minutes to configure and removes the worst part of this whole experience: finding out from an annoyed customer.