I have several sites on bluehost that got hacked badly. Most I cannot access the admin login to add a plugin and activate it. I was able to add it to one of the sites and started a complete scan. It scanned about 100 folders of 39000 folders in 9 minutes and 160 folders in 17 minutes. It will take several days at this speed to scan the site providing it does not completely freeze. Is the malware making this plugin unusable?
It sounds like you’re getting about 10 folders scanned per minute. This is extremely slow in general and I expect it is even slow by Bluehost standards, but I cannot say why it is so slow without a lot more diagnostic data. I can only say that I would normally expect it st scan at a rate of 1 or 2 folders per second, averaging around 100 folders per minute. Even so, it would still take over 6 hours to scan 39000 folders. The site root for this installation of WordPress might contain sub-directories containing other WordPress sites, this might explain the great number of folders on this scan. It is usually preferable to scan each site from within the wp-admin of that individual site and omit the directories which contain other websites that will be scanned separately.
The main issue though is the general slowness of the scan and you should look into the error_log files on the server to see if there are any errors or warnings there that might explain the slow scanning. You can also check your browser’s Console for JavaScript errors that might be causing the page to load slowly. Ideally you would also want to look at the overall performance of the server and the current load that this server is under, but that would most likely be info that Bluehost would not share with it’s customers, even if they did have a good handle on those stats.
Beyond that there is only so much I can do when the software is running on other’s hardware that is out of my control. If there are no errors to remedy and the usual server performance boosts like increasing the memory_limit in your php.ini file on the server do not help then I can only suggest that you consider hosting your websites on a more secure hosting platform with a better performing server.