Someone's WordPress got hacked. We got it back.

No care plan. No backups. Just a client who'd been hit and needed it fixed. We cleaned the malware off their existing site, hardened it, and got them running. Then we kept them safe. They've been with us ever since.

What we actually did

There was no care plan and no backups. A client contacted us because their WordPress site had a problem. It had been compromised, and they needed it fixed. We worked on the site they already had, removed the malware, and closed the door behind it. There was no safety net to fall back on, so we cleaned what was in front of us.

  • Assessment

    The client came to us already compromised. No care plan in place, and no backups to restore from. That ruled out the easy path of rolling back to a known-good copy. The job was to make the live site clean again, working with exactly what existed.

  • Cleanup in place

    We removed the malware from the existing site rather than rebuilding it from scratch. The content and the site they'd invested in stayed; what got stripped out was the injected code. Methodical, file by file, until the site was clean.

  • Hardening

    A clean site that's still soft gets reinfected. So we closed the entry point that let the malware in, locked down access, and brought the site's housekeeping up to date. This was the ordinary maintenance that hadn't had an owner before we arrived.

  • From rescue to care

    A one-off cleanup fixes today; it doesn't stop tomorrow. So the client moved onto a WordPress Digital Care plan, with ongoing updates, monitoring and backups, so the next vulnerability gets caught before it becomes another incident. They've been with us around four years since.

Outcomes

  • No backups: Cleaned in place

  • Existing site: Preserved, not rebuilt

  • ~4 years: A client ever since

Common questions about the recovery

I don't have a care plan or backups. Can you still help?

Yes. That is exactly the situation this client was in. There was no care plan and no backup to roll back to, so we cleaned the malware off the live site itself. You do not need to have been a customer beforehand, and you do not need a recent backup. Get in touch and we will work with what you have.

Do you rebuild the site or clean the existing one?

We clean the existing site wherever we can. In this case we removed the malware from the site the client already had, rather than rebuilding it from scratch. That keeps the content and the work already invested in the site, and gets you back faster than a rebuild.

Will I lose my content?

The goal is to keep it. Cleaning in place means stripping out the injected malicious code while leaving your legitimate pages, posts and media intact. We did exactly that here. The site that came back was their site, minus the infection.

What happens after the cleanup?

A clean site that is still soft will get reinfected, so cleanup is only half the job. We close the entry point the malware used and lock down access before handing the site back. After that, ongoing care keeps it from happening again. That is the path this client took.

How do I stop this happening again?

Ongoing maintenance: keeping WordPress and its plugins updated, monitoring for changes, and keeping off-site backups so there is always a clean copy to fall back on. This client moved onto a WordPress Digital Care plan after the rescue and has stayed on it for around four years. The one-off cleanup became a relationship precisely so there would not be a second incident.

None of this was heroic. A client got hit, came to us with no plan and no backups, and we cleaned the site they had and shut the door behind the infection. What turned a one-off rescue into a four-year relationship wasn't the cleanup. It was what came after: the ordinary monthly care that means there hasn't been a second incident to write about. That's the real lesson. The cleanup fixes the day you call. The care plan is why you don't have to call again.
