What happens after I open an engagement?

We confirm access, take a forensic snapshot of the filesystem and database, and start reading recent changes. Before we touch anything destructive you receive a triage note describing what we found, the scope, and a fixed quote.

What if it gets reinfected?

30-day reinfection guarantee on every Rescue cleanup. If something we missed comes back, we fix it free.

Do I have to hand over my admin login?

We need temporary access. Best case: a one-off SFTP/SSH account and a temporary WP admin user. We rotate all secrets at the end of the job and remove our access.

Do you only do WordPress?

WordPress is the focus. For anything else (WooCommerce, classic PHP, custom LAMP), ask — we'll tell you honestly if it's a fit.

Will Google trust my site again?

We submit reconsideration requests to Google Safe Browsing and the major blocklists as part of every cleanup. The timeline for delisting is set by the blocklist, not by us.

If we can't clean your site, you don't pay. We triage before quoting, so this rarely comes up — but you're never on the hook for work that didn't fix the problem.

WordPress security, done by humans

Hacked WordPress site?
We fix it.

We clean compromised WordPress sites, find how it happened, and write you a plain-English report. Friendly humans for private blogs and growing companies alike.

Obtenir de l'aide → See how it works

Written report you can hand to a client or insurer
Garantie de réinfection 30 jours on every cleanup
No clean, no pay — if we can't fix it, you don't owe us

What's happening?

If you're here, one of these is probably true.

Search warnings

Google a signalé votre site.

« Site trompeur ». Trafic envolé. Annonces suspendues. Classements en chute.

Visible to visitors

Les visiteurs voient des avertissements.

Redirections de spam. Pop-ups. Pubs douteuses. Les clients demandent si le site est sûr.

Hidden trouble

Something feels off.

A backdoor can sit in your uploads folder for months. Removing the symptom doesn't close the door.

Common cleanups

How it works

Three steps. No surprises.

What we look for

Done by hand. Top to bottom.

Scanners catch known signatures. They miss obfuscated PHP loaders, database-level injections, and credential-theft backdoors that wait. A real person reads the diffs.

Most common

Malware, backdoors, web shells

c99, WSO, FilesMan, custom loaders, eval-base64 droppers. We find them by reading every changed file, not running a signature list.

functions.php · backdoor detected

SEO spam & pharma injections

Posts, options, theme footers, database tables. Including the ones only Googlebot can see.

Visitor-side trouble

JS skimmers, cryptojackers, sneaky redirects — including the ones that only fire for Google referrers.

Hardening

wp-config lockdown, file perms, secret rotation, XML-RPC, REST API, login-surface reduction.

Vulnerability triage

Vulnerable plugin or theme triaged and patched — not just deactivated and forgotten.

Database audit

Injected admin users, orphaned options, suspect cron jobs — reviewed by hand, every time.

Blocklist removal

Reconsideration requests submitted to Google Safe Browsing, Sucuri, McAfee, Norton, Yandex — as part of every cleanup, not an upsell.

What you walk away with

Rapport forensique en clair

Suitable for handing to a client, an insurer, or keeping for your own records. Every finding, with reproduction steps and a fix.

See a sample report layout →

You're not alone

Whatever it is, we've seen it before.

WordPress sites get hit. A theme update goes sideways. A plugin you forgot about turns into a backdoor. A friend tells you their phone is showing weird ads on your site. It happens — and it's nothing to be embarrassed about.

Step one is always the same: send us what you know. We'll write back with a triage and a fixed quote.

Obtenir de l'aide → What we do

Tarifs

Two plans. No surprises.

Rescue

$279

Flat · one-time · per site

Manual cleanup, entry vector identified, written report. 30-day reinfection guarantee.

Shield

$29 / mo

Per site · cancel any time

Surveillance continue, durcissement, un nettoyage par an inclus.

Vous gérez 10+ sites ? Tarifs agences → · Tous les plans →

Frequently asked

Questions fréquentes.

Que se passe-t-il dans la première heure après votre engagement ?

Nous confirmons l'accès, prenons un instantané forensique du filesystem et de la base, et commençons à lire les changements récents. Avant toute action destructive, vous recevez une note de triage décrivant nos trouvailles, le périmètre et un devis fixe.

Et si le site est réinfecté ?

Garantie de réinfection 30 jours sur chaque nettoyage Rescue. Si quelque chose nous a échappé et revient, nous le corrigeons gratuitement. Nous fermons le vecteur d'entrée dès le premier travail, donc c'est rare.

Dois-je donner mes identifiants admin ?

Nous avons besoin d'un accès temporaire. Idéalement : un compte SFTP/SSH dédié et un compte admin WP temporaire. À la fin du travail, nous renouvelons tous les secrets et retirons notre accès. Vous pouvez révoquer à tout moment.

Faites-vous seulement WordPress ?

WordPress est notre cœur de métier. Pour le reste (WooCommerce, PHP classique, LAMP personnalisé), demandez — nous vous dirons honnêtement si ça colle.

Google fera-t-il à nouveau confiance à mon site ?

Nous soumettons des demandes de réexamen à Google Safe Browsing et aux principales blocklists lors de chaque nettoyage. Le délai de retrait est fixé par la blocklist, pas par nous.

Politique de remboursement ?

Si nous ne pouvons pas nettoyer votre site, vous ne payez rien. Nous trions avant de chiffrer, donc c'est rare — mais vous n'êtes jamais redevable d'un travail qui n'a pas résolu le problème.

Who hires us

Built for the WordPress you actually run.

We've cleaned blogs that have one post a month and shops that take a thousand orders a day. Same care, different details.

How we're different

Manual work, not a scanner subscription.

The honest comparison. Pick what fits — we'll tell you when you don't need us.

	DIY Free	Scanner plugin $5–25/mo	threatover $279 flat
Removes obvious signatures	Maybe
Finds obfuscated PHP loaders	Unlikely	Often misses
Audits the database	—	—
Identifies the entry vector	—	—
Written forensic report	—	—
Blocklist reconsideration	Your job	Your job
Garantie de réinfection	—	Varies	30 days
Time it takes you	Days, often more	Hours of clicking	None — we do it

If you've got time and skill, DIY is real. If the site is making money or you simply don't want to spend a weekend on it, that's why we exist.

From the blog

What we're reading and writing.

All posts →

Site compromis ? Démarrer une mission.

Send us what you know. You get a triage and a fixed quote in return — no obligation.

Ouvrir le formulaire →

Hacked WordPress site?
We fix it.

If you're here, one of these is probably true.

Google a signalé votre site.

Les visiteurs voient des avertissements.

Something feels off.

Three steps. No surprises.

Done by hand. Top to bottom.

Malware, backdoors, web shells

SEO spam & pharma injections

Visitor-side trouble

Hardening

Vulnerability triage

Database audit

Blocklist removal

Rapport forensique en clair

Whatever it is, we've seen it before.

Two plans. No surprises.

Questions fréquentes.

Built for the WordPress you actually run.

Independent bloggers

Small businesses

Agencies & studios

WooCommerce / e-commerce

Manual work, not a scanner subscription.

What we're reading and writing.

Burst Statistics auth bypass (CVE-2026-8181): exploited in the wild

Someone bought 30 WordPress plugins and backdoored all of them

One million WordPress sites: arbitrary file read and SQL injection

Site compromis ? Démarrer une mission.

Hacked WordPress site?We fix it.

If you're here, one of these is probably true.

Google a signalé votre site.

Les visiteurs voient des avertissements.

Something feels off.

Three steps. No surprises.

Done by hand. Top to bottom.

Malware, backdoors, web shells

SEO spam & pharma injections

Visitor-side trouble

Hardening

Vulnerability triage

Database audit

Blocklist removal

Rapport forensique en clair

Whatever it is, we've seen it before.

Two plans. No surprises.

Questions fréquentes.

Built for the WordPress you actually run.

Independent bloggers

Small businesses

Agencies & studios

WooCommerce / e-commerce

Manual work, not a scanner subscription.

What we're reading and writing.

Burst Statistics auth bypass (CVE-2026-8181): exploited in the wild

Someone bought 30 WordPress plugins and backdoored all of them

One million WordPress sites: arbitrary file read and SQL injection

Site compromis ? Démarrer une mission.

Hacked WordPress site?
We fix it.