Site Cleaning and Security Audits

Let one of our Security Analysts help you clean your infected site or inspect it for vulnerabilities.

The Wordfence Security Services Team provides two services: site cleaning and security audits. We currently offer the services for WordPress sites only. The site cleaning service restores hacked websites to working order by removing malware and malicious content, investigating how the attacker gained entry, third-party blocklist/blacklist removal and providing a checklist to protect your site from future attacks. The security audit service is a proactive 59-point inspection that covers all aspects of running a secure website. Both services are performed by a Wordfence Security Analyst, include a 1 year Premium Wordfence subscription and are backed by a 1-year guarantee.

If you already have a Wordfence Premium license we will extend it by 1 year.

The purpose of this page is to provide answers to common questions that may not be covered in detail on the main site cleaning and security audit pages.

The Process

Once your order has been placed it will be placed in a queue for one of our Security Analysts work on. Service orders are worked in the order they are received. The first thing the Security Analyst will do is test the credentials you provided. If they are unable to access your site, file system or control panel they will let you know and put your order on hold. It is important to provide correct credentials as quickly as possible to expedite service.

Once a resource is available to work on your site, assuming you have provided valid credentials, service should take two to four business hours. This can vary dramatically based on technical challenges such as slow hosting resources, large file transfers, etc.. Our work should not disrupt the availability of your site during service. The analyst will download a copy of your site to a secure Wordfence server, where the service will take place. Once a site cleaning is completed, a clean copy of your site will be transferred to your hosting server, replacing the hacked version of your site. Your site will be unavailable for a few seconds during this process. Once that is complete the analyst will work to remove your site from any third-party blocklists/blacklists your site has been added to as a result of being hacked. A detailed report is then produced, providing the details of the infection removal and investigation into how the site was compromised. A detailed list of recommendations for locking down your site will be included.

The report will be delivered to you via email, and the security analyst who performed the service will be available for questions. In some cases, your follow up questions or issues may be forwarded on to our support team.

Turnaround Times

Service is generally completed within one business day, provided that proper access to your website has been provided. Normal service orders are worked in the order they are received.

Business hours are Monday through Friday, 8am to 5pm ET. Service Orders placed after hours, on weekends, and on holidays will begin on the next business day or later if the estimated completion time is greater than one day. The major U.S. holidays observed are Easter, Memorial Day, Fourth of July, Labor Day, Thanksgiving, Christmas and New Years Day. If you’re unsure of the holiday schedule please consult our support team.

Priority service is available for both services for a fee. Priority service orders are started within four business hours.

High Demand Pricing

Demand for our security services fluctuates dramatically over time based on a number of factors. While we continue to work on our ability to adjust our capacity to match incoming demand, there are inevitably times when demand exceeds our maximum capacity. In these cases of very high demand, we increase prices to help ensure you receive an acceptable turnaround time. This system is called high demand pricing, and it lets us continue to be your most reliable choice.

Price increases are expressed as a multiple, eg 1.2x. This multiple applies to both the base service cost and priority upgrade charges, if applicable.

Site Credentials

In order to provide service, we will need access to administrative area of your website, your file server (via Secure FTP) and control panel access. We also need SSH access if available. This information is provided via a secure page and stored using PGP encryption. Only authorized Wordfence Security Analysts will have access to this information.

Administrative access is gained by visiting We will need a username and password with administrator level access. We recommend that you either set up a temporary user for this purpose that is deleted immediately after service or that you change your password immediately after service.

Access to your file system generally requires a different username and password. If you have not set up Secure FTP access to your site, you may need to work with your hosting company to do so. We strongly recommend changing your FTP password immediately after service.

Control panel access is the username and password that you use to log in to the administrative functions for your website on your hosting company’s website. The steps necessary to grant access will differ by hosting company. You may need to contact your hosting company’s support team for help. We recommend changing this password immediately after service as well.

If we’re unable to secure working credentials service cannot be performed.


The Security Analyst assigned to provide your service will do their best to keep you informed throughout the process as necessary. If you have questions along the way you can inquire via our ticking system at Our analysts do their best to respond to inquiries during business hours within a reasonable time frame.


All of our security services come with a 1-year guarantee, meaning we will clean your site free of charge if it is hacked within 1 year of service. All services include a written report that almost always includes recommendations. The 1-year guarantee requires that all recommendations have been followed.

Large Sites and Problematic Configurations

All service pricing assumes that your website is less than 10GB in size. An additional charge of $50 per 10GB will be added for sites over the limit.

We reserve the right to refuse service for hosting configurations that have been known to be problematic. We currently will not provide services for sites running on Windows Servers or running the DAP plugin. Orders placed that can not be processed will be refunded.

Servers Hosting Multiple Sites

For the purposes of these services, a site is considered a distinct installation of a CMS (WordPress). Due to the risk of cross-contamination, we are unable to provide service for selected sites hosted on the same server. Customers must either purchase service for all sites or delete or move the sites that do not require service.

Frequently Asked Questions

  • Can you clean a suspended site?

    Yes. If your host has shut down your hosting account because of a malware infection, we can still clean it. You may need to get your host to allow connections from the IP of the Security Analyst in charge of your case. Please purchase a site cleaning as usual and when submitting credentials in step two of the process, mention in the “comments” section that your site has been shut down by the host.