Hacked Drupal Website Cleanup

If your Drupal website has been hacked to put malware, spam content, or other malicious content on it, getting it properly cleaned up involves three key components:

  • Clean up the hack.
  • Get the website secured as possible (which usually involves getting Drupal, contributed modules, and themes on the website up to date).
  • Try to determine how the website was hacked and fix that.

Unlike many other companies, we actually do all three and have years of experience of doing them properly. If you hire another company that doesn't do those things you might get lucky and not have additional issues going forward, but unfortunately too often we are hired to re-clean malware infected websites after those haven't been done.

While focusing on doing a cleanup as fast as possible is likely to lead to a bad outcome, we can usually clean up the website in a few hours.

Unlike companies like Sucuri, we fully stand behind our cleanups and don't charge until after they are completed, instead of providing you a faux refund guarantee. Also, unlike so many companies, including Sucuri and SiteLock, we actually properly clean up hacked websites instead of intentionally cutting corners and leaving your website vulnerable.

If you are not sure if your website has been hacked, contact us to get a second opinion on your belief that it might be hacked.

To support the continued security of Drupal we have created a security vulnerability bug bounty program for Drupal.


$500 USD for a website running Drupal 7, 8, or 9.

$100 per additional website in the same hosting account. Payment is due after we have completed cleaning up the website. We accept payment by credit card, debit card, or eCheck through PayPal in several currencies.