Skip to content
Evidence before deletion

WordPress Malware Cleanup Workflow

Challenge

Hacked WordPress sites need cleanup without destroying legitimate files or data.

Solution

A repeatable, defensive workflow that puts evidence and backups before deletion.

Technical approach

Isolate, snapshot files and database, verify core checksums, scan plugins/themes/uploads, inspect the database for spam, confirm real malware vs false positives, clean carefully, then harden (WAF, 2FA, disable file editing) and monitor.

Stack

WP-CLI, Core Checksums, WAF, 2FA

Result

A safe, defensible cleanup process. Note: security work reduces risk but cannot guarantee a site is never attacked again.