✓ No commitment · ⚡ Reply within 24 h · 💬 WhatsApp
WordPress compromise · address immediately

Is your WordPress site
hacked?

WordPress cleanup, hardening and restoration

Suspicious redirects, malware, Google Search Console alert, wp-admin locked… 30-minute diagnostic, full cleanup, post-incident hardening, Google alert removal.

💬 Chat on WhatsApp
✓ WordPress · WooCommerce expert ✓ Cleanup within 1 day for 80 % of cases ✓ 60-day warranty

One of these signs? The site is compromised.

Click the one that matches, we'll take care of it.

⚠️ Google Search Console alert "This site may harm your computer" ↗️ Suspicious redirects .ru / .top / casino / pharma 🔍 Spammy pages in Google Cialis, casino, loan in the results 🔒 wp-admin inaccessible Credentials valid, login refused 📧 Spam sent from your server Host flags it, domain blacklisted ⚡ Site suddenly slow CPU maxed out, hidden cryptominer
⚡ Process

From diagnostic to clean site, in 5 steps

Cleaning a hacked WordPress is not just deleting one shady file. Everything has to be combed through, otherwise the hack comes back within 48 hours.

01

Isolation

Full backup of the infected site before any action. No modifications — we preserve the files, the database and the logs for forensic analysis.

02

Deep scan

File-by-file comparison against the official WordPress source: wp-includes, wp-admin, plugins, themes. MD5 hashes checked against the reference version.

03

Cleanup

Removal of malware, backdoors, webshells, parasite files. Database audit: injected wp_options, compromised wp_users, malicious cron jobs.

04

Hardening

WAF installation (Wordfence or Cloudflare), enforced 2FA on admin, removal of nulled plugins/themes. wp-config.php hardening, file permissions.

05

Google alert removal

Submission of the review request via Google Search Console. Google response within 24 to 72 hours, then the "This site may harm…" warning disappears.

🔧 Technical scope

What I actually clean

WordPress is PHP + MySQL + a hundred or so plugins. A compromise almost always touches several layers.

WordPress core

core · plugins · themes
  • wp-includes / wp-admin compared to the official source
  • Infected or abandoned plugins (TimThumb, Revolution Slider…)
  • Nulled / pirated themes (cause #1 of compromises)
  • Compromised .htaccess and wp-config.php files

Backdoors

webshells · cron · eval()
  • PHP webshells (c99, r57, b374k, mini shell)
  • eval(base64_decode(…)) in wp-content, uploads
  • Malicious WP cron jobs (wp_schedule_event)
  • Admin accounts added at DB level (wp_users)

Database

wp_options · wp_posts · users
  • wp_options audit (script injection into siteurl, home)
  • Spam posts injected in bulk
  • Admin / editor accounts added
  • Malicious WP hooks persisted in the database

Post-incident

WAF · 2FA · monitoring
  • Installation of Wordfence / Sucuri / Cloudflare WAF
  • 2FA enforced on admin, default admin account removed
  • wp-config.php hardening, file permissions
  • Google Search Console review request
clean and hardened, not just one of the two
💰 Pricing

Pricing stated up-front

The diagnostic is free. The cleanup cost depends on the infection depth identified during the diagnostic.

🔍 Diagnostic

Diagnostic

find out what's going on
0free
30 min · no commitment
  • Deep scan of the site
  • Identification of the original security hole
  • Costed estimate for the cleanup
  • You decide if we continue
Start the diagnostic →
🛡️ Most requested 🧼 Cleanup

Full cleanup

clean + hardened site
from 180excl. VAT
depending on depth · price stated up-front
  • Backup of the infected site before intervention
  • Removal of malware, backdoors, parasite files
  • Database audit + injection cleanup
  • WAF + hardening post-incident included
  • Google Search Console review request
  • 60-day warranty against the same reinfection
🛡️ Maintenance

Preventive maintenance

never get hacked again
from 50/ month
24/7 monitoring · no commitment
  • Weekly security scan
  • Continuous hardening (WAF, 2FA, wp-config)
  • Daily backups externalised
  • 24/7 monitoring + intervention if compromised
💬 Client feedback

They got hacked. Not anymore.

One morning, my site showed up flagged as "dangerous" on Google. Within 24 hours, my sales had collapsed. I was panicking. Kellian calmly explained what had happened, without making me feel guilty. 48 hours later, the alert was gone and my sales were back.
CB
C.B.
Jewellery · WordPress 6.4
Overnight, I couldn't log into my own site anymore. Someone had taken over and I didn't know whether my customers were exposed. Everything was recovered, I know how they got in and it's locked down. I finally sleep at night.
MD
M.D.
Home & decor · WooCommerce 8
My host shut my site down with no warning, just saying there was "something weird" on the server. I called on a Saturday out of sheer desperation. Everything was cleaned within the day. No further chase-ups from the host in 9 months.
PR
P.R.
B2B catering · WordPress 6.2
❓ FAQ

The real questions about getting hacked

Several concrete signals: Google Search Console shows a security alert, your site redirects to another URL (often a .ru / .top domain), spammy pages appear in Google with strange keywords (pharmacy, casino…), your antivirus blocks your own site, your customers receive spam in your name, or wp-admin no longer opens. If even one of these signs appears, treat the site as hacked until proven otherwise.
30-minute diagnostic. Cleanup between 2 hours and 1 day depending on infection depth. Most compromised sites are cleaned within the day. For the most complex cases (malicious cron jobs, multiple backdoors, database compromise), allow 24 to 48 hours with restoration from a clean backup.
It depends on the intrusion date and the availability of a clean prior backup. If you have a reliable backup from before the compromise, we restore it and then close the original security hole. Otherwise we clean manually: analysis of every modified file, comparison to the official WordPress source, removal of injections, database audit (wp_options, wp_users, wp_posts).
Once the site is cleaned and hardened, we submit a review request via Google Search Console (Security issues section). Google response time: 24 to 72 hours. As long as the request is not validated, the site stays flagged — do not submit the request until the cleanup is fully finished, otherwise you burn your credit with Google.
Three concrete actions: 1) remove nulled plugins/themes (free cracks), which are the number one cause of WordPress compromises, 2) install a WAF (Wordfence, Sucuri or Cloudflare in front) and protect the wp-config.php files, 3) subscribe to maintenance with 24/7 monitoring and security hotfixes applied as soon as available. Prevention costs 10 times less than a cleanup.
Possibly. Depending on the attack type (JavaScript skimmer, database dump, admin access), card / email / address data may have leaked. Under UK GDPR / EU GDPR, you have 72 hours to notify the ICO (or your supervisory authority) if a personal data breach is confirmed. We audit the real scope of the intrusion together, document the incident and support you with the breach notification if needed.
🔗 Related topics

Other issues I handle

WordPress malware

See the page →

WordPress critical error

See the page →

WordPress recovery

See the page →

Is your site compromised right now?

The longer you wait, the more Google blacklists your domain. Free 30-minute diagnostic, quote within 24 business hours, cleanup within the day for most cases.

💬 Chat on WhatsApp
💬 Chat on WhatsApp — reply in minutes