Skip to Main Content

Hacked WordPress Website Cleanup

If your WordPress website has been hacked we can clean it up for you, attempt to determine how the website got hacked (see an example of how that is done), and help you to secure it against a future hack. Hiring us will ultimately save you time and money over doing it yourself or hiring someone who doesn't know what they should be doing (which seems to be pretty common based on the number of times we are brought in to re-clean a website after another company has cleaned it up).

Please feel free to contact us to receive a free consultation on how you can best deal with your hacking issue. If you are not sure if your website is hacked, we can perform a free check to confirm for you if your website is in fact hacked.

To support the continued improvement of the security of WordPress we have created a plugin that detects installed plugins that have been removed from the WordPress.org Plugin directory (plugins can be removed from the directory for unresolved security vulnerabilities) and a security vulnerability bug bounty program for WordPress.

The hack can be due to compromised FTP credentials, an insecure web host, a vulnerable plugin, a weak password, or an outdated WordPress installation.

Some of the most prevalent activities preformed by the malicious code are inserting hidden spam links in the website's header or footer, creating spam pages, redirecting visitors to another website, and attempting to install malware on the computers of visitors to the website.

The hacks can be hidden in a variety of places and might only be active when the website is visited in a particular way. The hacks may be located in WordPress files, plugins, templates, or the database. The most common form of malware infection places an iframe or JavaScript code into the website's pages. When the code inserts hidden spam links, these links may only be in the page if the request comes from a crawler for a search engine. When the code redirects a visitor or attempts to infect a visitor's computer with malware, the attempt may only occur if a visitor comes to the website through Google or another search engine. When coming to the website directly, it will appear to be normal.

To clean up the website, we will review the website's files and database for code inserted during the hack and remove that code. Checking and cleaning the website's files takes a few hours. If the website is running on an old version of WordPress, the current version is 4.0 (check what version you are currently running), we will upgrade the website to the latest version of WordPress following proper upgrade procedures. Also, if any plugins are out of date we will update them. We will also work with you to secure the website against a future hack. If your website has been hacked due to poor security at your web host we can move your website to a new host as part of the service. If your website has been removed from the Google search engine we will assist you in filing a reconsideration request. If your website was distributing malware and has been flagged and blocked, we will request a malware review from Google and or Bing to have the warning removed. It should take no more than a day to be removed from Google's malware blacklist after a review has been requested.

Price:

$250 USD. Payment is due after the website has been cleaned up and we accept payment by credit card, debit card, or eCheck through PayPal in a number of currencies.


Related:

WordPress Plugins

Services

Tools

Resources