t threatover
WordPress security, done by humans

Hacked WordPress site?
We fix it.

We clean compromised WordPress sites, find how it happened, and write you a plain-English report. Friendly humans for private blogs and growing companies alike.

Hilfe holen → See how it works
  • Written report you can hand to a client or insurer
  • 30-Tage-Reinfektions-Garantie on every cleanup
  • No clean, no pay — if we can't fix it, you don't owe us

What's happening?

If you're here, one of these is probably true.

Search warnings

Google hat deine Seite markiert.

„Irreführende Seite". Traffic weg. Anzeigen pausiert. Rankings im Sinkflug.

 Visible to visitors

Besucher sehen Warnungen.

Spam-Weiterleitungen. Pop-ups. Dubiose Anzeigen. Kunden fragen, ob die Seite sicher ist.

 Hidden trouble

Something feels off.

A backdoor can sit in your uploads folder for months. Removing the symptom doesn't close the door.

Common cleanups

How it works

Three steps. No surprises.

What we look for

Done by hand. Top to bottom.

Scanners catch known signatures. They miss obfuscated PHP loaders, database-level injections, and credential-theft backdoors that wait. A real person reads the diffs.

Most common

Malware, backdoors, web shells

c99, WSO, FilesMan, custom loaders, eval-base64 droppers. We find them by reading every changed file, not running a signature list.

functions.php · backdoor detected

SEO spam & pharma injections

Posts, options, theme footers, database tables. Including the ones only Googlebot can see.

Visitor-side trouble

JS skimmers, cryptojackers, sneaky redirects — including the ones that only fire for Google referrers.

Hardening

wp-config lockdown, file perms, secret rotation, XML-RPC, REST API, login-surface reduction.

Vulnerability triage

Vulnerable plugin or theme triaged and patched — not just deactivated and forgotten.

Database audit

Injected admin users, orphaned options, suspect cron jobs — reviewed by hand, every time.

Blocklist removal

Reconsideration requests submitted to Google Safe Browsing, Sucuri, McAfee, Norton, Yandex — as part of every cleanup, not an upsell.

What you walk away with

Forensischer Bericht in Klartext

Suitable for handing to a client, an insurer, or keeping for your own records. Every finding, with reproduction steps and a fix.

See a sample report layout →

You're not alone

Whatever it is, we've seen it before.

WordPress sites get hit. A theme update goes sideways. A plugin you forgot about turns into a backdoor. A friend tells you their phone is showing weird ads on your site. It happens — and it's nothing to be embarrassed about.

Step one is always the same: send us what you know. We'll write back with a triage and a fixed quote.

Hilfe holen → What we do

Preise

Two plans. No surprises.

Rescue

$279

Flat · one-time · per site

Manual cleanup, entry vector identified, written report. 30-day reinfection guarantee.

Shield

$29 / mo

Per site · cancel any time

Laufendes Monitoring, Absicherung, eine Bereinigung pro Jahr inklusive.

Du betreust 10+ Seiten? Agentur-Preise →  ·  Alle Tarife →

Frequently asked

Häufige Fragen.

Was passiert in der ersten Stunde, nachdem wir beauftragt sind?

Wir bestätigen den Zugang, erstellen einen forensischen Snapshot von Dateisystem und Datenbank und beginnen die letzten Änderungen zu lesen. Bevor wir etwas Destruktives tun, bekommst du eine Triage-Notiz mit Befund, Umfang und Festpreis.

Was, wenn die Seite erneut infiziert wird?

30-Tage-Reinfektions-Garantie auf jede Rescue-Bereinigung. Wenn etwas, das wir übersehen haben, zurückkommt, beheben wir es kostenlos. Wir schließen den Eintrittsvektor beim ersten Auftrag, daher kommt das selten vor.

Muss ich meinen Admin-Login herausgeben?

Wir brauchen temporären Zugang. Im Idealfall: ein einmaliger SFTP/SSH-Account und ein temporärer WP-Admin-Nutzer. Am Ende des Auftrags rotieren wir alle Secrets und entfernen unseren Zugang. Du kannst jederzeit widerrufen.

Macht ihr nur WordPress?

WordPress ist der Fokus. Für alles andere (WooCommerce, klassisches PHP, eigene LAMP-Stacks) frag uns — wir sagen ehrlich, ob es passt.

Wird Google meiner Seite wieder vertrauen?

Wir stellen bei jeder Bereinigung Anträge auf erneute Prüfung bei Google Safe Browsing und den großen Blocklisten. Den Zeitplan für die Auslistung setzt die Blockliste, nicht wir.

Rückerstattung?

Wenn wir deine Seite nicht bereinigen können, zahlst du nichts. Wir triagieren vor dem Angebot, daher kommt das selten vor — aber du haftest nie für Arbeit, die das Problem nicht behoben hat.

Who hires us

Built for the WordPress you actually run.

We've cleaned blogs that have one post a month and shops that take a thousand orders a day. Same care, different details.

Independent bloggers

Your personal site got hit. You don't want to pay a five-figure incident response. Start with a $149 checkup or a flat $279 cleanup.

If WordPress is hacked →

Small businesses

Your site is the front door for customers. Annual audit, hardening, and ongoing monitoring keep the door closed to the unwelcome.

See audits →

Agencies & studios

Hand off a build with confidence. Pre-launch reviews catch the leftovers; volume pricing for portfolios of 10+.

Pre-launch review →

WooCommerce / e-commerce

Skimmers and checkout tampering get expensive fast. Specialised cleanups for shops with real customer data on the line.

WooCommerce malware →

How we're different

Manual work, not a scanner subscription.

The honest comparison. Pick what fits — we'll tell you when you don't need us.

DIY
Free		 Scanner plugin
$5–25/mo		 threatover
$279 flat
Removes obvious signatures Maybe
Finds obfuscated PHP loaders Unlikely Often misses
Audits the database
Identifies the entry vector
Written forensic report
Blocklist reconsideration Your job Your job
Reinfektions-Garantie Varies 30 days
Time it takes you Days, often more Hours of clicking None — we do it

If you've got time and skill, DIY is real. If the site is making money or you simply don't want to spend a weekend on it, that's why we exist.

From the blog

What we're reading and writing.

All posts →

Seite kompromittiert? Auftrag starten.

Send us what you know. You get a triage and a fixed quote in return — no obligation.

Aufnahme-Formular öffnen →