Malware cleanup · One-time service

A hacked site, cleaned properly.

We scan the site, tell you exactly what we found, and give you a fixed quote before any work starts. Then we remove the infection, close the way it got in, and show you the evidence that it's gone.

The scan is free and tells you either way. You approve the quote before anything is touched.

Diagnosis

Is your site infected?

Malware rarely announces itself. These are the signs we see most often — tick anything you've noticed.

Signs of compromise

Tick anything you've noticed. One sign is enough to be worth checking.

Request the free scan
The process

Four steps, in order, with nothing skipped

Each step produces something you can read. You approve the quote before any work begins.

Scan

We examine files, the database, user accounts and server logs to map the full infection — not just the visible symptoms.

You receiveA findings summary: what's infected, and how it likely got in.

Quote

Based on the scan, we quote the cleanup as a fixed one-time price. No work starts, and nothing changes on the site, until you approve it.

You receiveA fixed written quote for the whole job.

Clean

We back up the site first, then remove the malicious code, reinstall core from clean copies, remove rogue accounts and rotate every credential and key.

You receiveProgress notes as the work happens — what we found, what we did.

Verify

We close the entry point, re-scan until the site comes back clear, and request removal of any browser or search warnings.

You receiveA cleanup report showing the site scans clean.

How long each step takes depends on the infection — the scan tells us, and the quote tells you, before anything is committed.

Scope

What the cleanup includes

Every quoted cleanup covers the full job below. If the scan shows your case needs less, the quote reflects that.

Removal of malicious code from files and database

WordPress core reinstalled from verified clean copies

Identification and closure of the entry point

Removal of rogue admin accounts and backdoors

Rotation of passwords, security keys and salts

Full site backup taken before any changes

Review requests for Google Safe Browsing and blocklist warnings

A written cleanup report with the final clean scan

Pricing

Quoted, not guessed

Infections vary too much for one honest fixed price. So the scan is free, and the quote is fixed before work begins.

One-time cleanup

Malware cleanup

A fixed quote based on what the free scan finds. The price you approve is the price you pay, whatever the cleanup turns out to involve.

Fixed quote

+VAT · after a free scan · one-time

Request a free scan

Afterwards

Staying clean

Cleanup fixes what happened. A care plan is what stops it happening again — every plan includes malware scanning, a firewall and virtual patching that blocks disclosed vulnerabilities the same day. Plans start at £25 +VAT per month, per site.

From £25

+VAT /mo · per site · rolling monthly

See care plans

How you know it worked

We don't ask you to take "it's fixed" on trust. The cleanup ends with evidence.

  • A final scan report showing zero detections across files and database
  • The entry point named, and the fix that closed it described
  • Blocklist and browser-warning status, with review requests filed
  • A verified backup of the clean site, restorable if anything is ever needed
What you'll read at the end

A cleanup report, not a shrug

Every job ends with a plain-English report. This is the kind of thing it says.

Cleanup report — excerpt Sample

Malicious code removed from 14 files. Core reinstalled from clean copies; your content and settings were untouched.

Entry point: a disclosed vulnerability in your form plugin. Virtual patching blocked it the same day; the plugin has since been updated.

0 known vulnerabilities. Last scan today. Backup verified and restorable.

Google Safe Browsing review requested; the warning has been cleared.

This is a sample showing the format and level of detail. Your report describes your site.

Cleanup questions

Asked before, answered plainly

How long does a cleanup take?
It depends entirely on the infection — a single compromised plugin is a different job from a site with backdoors in the database. Rather than promise a number we might not keep, the free scan tells us the scope, and the quote tells you what's involved before you commit to anything.
Will I lose content or settings?
No. The first thing that happens in the cleanup step is a full backup of the site as it stands. Core files are reinstalled from clean copies, but your content, media and settings are preserved. The malicious code is what gets removed — not your work.
Can't I just restore an old backup?
Sometimes, but it's a gamble twice over. Many infections sit quietly for weeks before showing symptoms, so the backup may already be infected. And even a clean restore reopens the same vulnerability that let the attacker in, so the site is often re-compromised within days. A proper cleanup removes the infection and closes the entry point.
What do you need from me to start?
Access to the site — WordPress admin and hosting or FTP credentials — shared through a secure method we'll walk you through. If your host has suspended the site, forward their email; we can usually work with the host directly to get access for the cleanup.
What if the site gets infected again?
The cleanup closes the entry point we found, which is what prevents the most common kind of repeat: the same door being used twice. What no cleanup can do is defend the site against the next vulnerability disclosed next month — that takes ongoing scanning, firewalling and virtual patching, which is exactly what the care plans are for. That's why cleanup and care are separate: one fixes, the other keeps watch.
Why isn't malware removal included in the monthly plans?
Because a pre-existing infection is a one-time problem with a one-time cost, and folding it into a subscription would mean every clean site quietly subsidising the hacked ones. Plans include the things that stop infections — scanning, firewall, virtual patching, backups. Cleaning up something that happened before we were involved is quoted on its own, once, and then the plan takes over.

The cleanup fixes today. A plan covers tomorrow.

Every WPCare plan includes the protections that make a repeat unlikely — and a monthly report showing they're working.

Malware scanning Firewall & brute-force protection Virtual patching by Patchstack Daily off-site backups Uptime checks