Evidence before deletion
WordPress Malware Cleanup Workflow
Challenge
Hacked WordPress sites need cleanup without destroying legitimate files or data.
Solution
A repeatable, defensive workflow that puts evidence and backups before deletion.
Technical approach
Isolate, snapshot files and database, verify core checksums, scan plugins/themes/uploads, inspect the database for spam, confirm real malware vs false positives, clean carefully, then harden (WAF, 2FA, disable file editing) and monitor.
Stack
WP-CLI, Core Checksums, WAF, 2FA
Result
A safe, defensible cleanup process. Note: security work reduces risk but cannot guarantee a site is never attacked again.