t threatover
WordPress security, done by humans

Hacked WordPress site?
We fix it.

We clean compromised WordPress sites, find how it happened, and write you a plain-English report. Friendly humans for private blogs and growing companies alike.

Pedir ayuda → See how it works
  • Written report you can hand to a client or insurer
  • Garantía de reinfección 30 días on every cleanup
  • No clean, no pay — if we can't fix it, you don't owe us

What's happening?

If you're here, one of these is probably true.

Search warnings

Google marcó tu sitio.

«Sitio engañoso». El tráfico se evaporó. Anuncios pausados. Posiciones cayendo.

 Visible to visitors

Los visitantes ven avisos.

Redirecciones de spam. Pop-ups. Anuncios sospechosos. Los clientes preguntan si el sitio es seguro.

 Hidden trouble

Something feels off.

A backdoor can sit in your uploads folder for months. Removing the symptom doesn't close the door.

Common cleanups

How it works

Three steps. No surprises.

What we look for

Done by hand. Top to bottom.

Scanners catch known signatures. They miss obfuscated PHP loaders, database-level injections, and credential-theft backdoors that wait. A real person reads the diffs.

Most common

Malware, backdoors, web shells

c99, WSO, FilesMan, custom loaders, eval-base64 droppers. We find them by reading every changed file, not running a signature list.

functions.php · backdoor detected

SEO spam & pharma injections

Posts, options, theme footers, database tables. Including the ones only Googlebot can see.

Visitor-side trouble

JS skimmers, cryptojackers, sneaky redirects — including the ones that only fire for Google referrers.

Hardening

wp-config lockdown, file perms, secret rotation, XML-RPC, REST API, login-surface reduction.

Vulnerability triage

Vulnerable plugin or theme triaged and patched — not just deactivated and forgotten.

Database audit

Injected admin users, orphaned options, suspect cron jobs — reviewed by hand, every time.

Blocklist removal

Reconsideration requests submitted to Google Safe Browsing, Sucuri, McAfee, Norton, Yandex — as part of every cleanup, not an upsell.

What you walk away with

Informe forense en lenguaje claro

Suitable for handing to a client, an insurer, or keeping for your own records. Every finding, with reproduction steps and a fix.

See a sample report layout →

You're not alone

Whatever it is, we've seen it before.

WordPress sites get hit. A theme update goes sideways. A plugin you forgot about turns into a backdoor. A friend tells you their phone is showing weird ads on your site. It happens — and it's nothing to be embarrassed about.

Step one is always the same: send us what you know. We'll write back with a triage and a fixed quote.

Pedir ayuda → What we do

Precios

Two plans. No surprises.

Rescue

$279

Flat · one-time · per site

Manual cleanup, entry vector identified, written report. 30-day reinfection guarantee.

Shield

$29 / mo

Per site · cancel any time

Monitorización continua, endurecimiento, una limpieza al año incluida.

¿Gestionas 10+ sitios? Precios para agencias →  ·  Todos los planes →

Frequently asked

Preguntas frecuentes.

¿Qué pasa en la primera hora después de contratarte?

Confirmamos el acceso, tomamos una instantánea forense del filesystem y la base de datos, y empezamos a leer los cambios recientes. Antes de tocar nada destructivo recibes una nota de triaje con lo encontrado, el alcance y un presupuesto fijo.

¿Y si se reinfecta?

Garantía de reinfección 30 días en cada limpieza Rescue. Si algo que se nos escapó vuelve, lo arreglamos gratis. Cerramos el vector de entrada en el primer trabajo, así que esto es raro.

¿Tengo que entregarte mi acceso de admin?

Necesitamos acceso temporal. Ideal: una cuenta SFTP/SSH puntual y un usuario admin WP temporal. Al final del trabajo rotamos todos los secretos y retiramos nuestro acceso. Puedes revocar cuando quieras.

¿Solo hacéis WordPress?

WordPress es el foco. Para lo demás (WooCommerce, PHP clásico, LAMP propio) pregunta — te decimos honestamente si encaja.

¿Volverá Google a confiar en mi sitio?

Enviamos solicitudes de reconsideración a Google Safe Browsing y las principales blocklists en cada limpieza. El plazo de exclusión lo marca la blocklist, no nosotros.

¿Política de reembolso?

Si no podemos limpiar tu sitio, no pagas. Triamos antes de presupuestar, así que es raro — pero nunca cargas con un trabajo que no resolvió el problema.

Who hires us

Built for the WordPress you actually run.

We've cleaned blogs that have one post a month and shops that take a thousand orders a day. Same care, different details.

Independent bloggers

Your personal site got hit. You don't want to pay a five-figure incident response. Start with a $149 checkup or a flat $279 cleanup.

If WordPress is hacked →

Small businesses

Your site is the front door for customers. Annual audit, hardening, and ongoing monitoring keep the door closed to the unwelcome.

See audits →

Agencies & studios

Hand off a build with confidence. Pre-launch reviews catch the leftovers; volume pricing for portfolios of 10+.

Pre-launch review →

WooCommerce / e-commerce

Skimmers and checkout tampering get expensive fast. Specialised cleanups for shops with real customer data on the line.

WooCommerce malware →

How we're different

Manual work, not a scanner subscription.

The honest comparison. Pick what fits — we'll tell you when you don't need us.

DIY
Free		 Scanner plugin
$5–25/mo		 threatover
$279 flat
Removes obvious signatures Maybe
Finds obfuscated PHP loaders Unlikely Often misses
Audits the database
Identifies the entry vector
Written forensic report
Blocklist reconsideration Your job Your job
Garantía de reinfección Varies 30 days
Time it takes you Days, often more Hours of clicking None — we do it

If you've got time and skill, DIY is real. If the site is making money or you simply don't want to spend a weekend on it, that's why we exist.

From the blog

What we're reading and writing.

All posts →

¿Sitio comprometido? Abre un encargo.

Send us what you know. You get a triage and a fixed quote in return — no obligation.

Abrir formulario →