Hacked Drupal Website Cleanup

If your Drupal website has been hacked to put malware, spam content, or other malicious content on it, getting it properly cleaned up involves three key components:

  • Clean up the hack.
  • Get the website secured as possible (which which usually involves getting Drupal, contributed modules, and themes on the website up date).
  • Try to determine how the website was hacked and fix that.

Unlike many other companies, we actually do all three of those and have years of experience of doing them properly. When those other companies don't do those things you might get lucky and not have additional issues going forward, but too often we are hired to re-clean hacked websites after those haven't been done.

While focusing on doing a cleanup as fast as possible is likely to lead to a bad outcome, we can usually clean up the website in a few hours.

Unlike companies like Sucuri we fully stand behind our cleanups and don't charge until after they are completed instead of providing you a faux refund guarantee. Also unlike so many companies including Sucuri and SiteLock, we actually properly clean up hacked websites instead of intentionally cutting corners and leaving your website vulnerable. We also don't charge you until we complete the work, as again, we fully stand behind our work.

If you are not sure if your website has been hacked, please feel free to contact us to get a second opinion on your belief that it might be hacked.

To support the continued security of Drupal we have created a security vulnerability bug bounty program for Drupal.


$500 USD for a website running Drupal 7 or 8.

$100 per additional website in the same hosting account.

Payment is due after the website has been cleaned up and we accept payment by credit card, debit card, or eCheck through PayPal in a number of currencies.