Site Cleaning and Security Audits

Let one of our Security Analysts help you clean your infected site or inspect it for vulnerabilities.

The Wordfence Care and Response Team provides two services:

  • Hacked site cleaning.
  • Site security audit.

We currently offer the services for WordPress sites only.

The site cleaning service restores a hacked site to working order by removing malware and malicious content, investigating how the attacker gained entry, removing the site from third-party blocklists/blacklists, and providing a checklist to protect the site from future attacks.

The security audit service is a proactive 59-point inspection that covers all aspects of running a secure WordPress site.

Both services are performed by a Wordfence Security Analyst, include a one-year Premium Wordfence license key subscription, and are backed by a one-year guarantee.

If you already have a Wordfence Premium license key, we will extend the subscription by one year.

The purpose of this page is to provide answers to common questions that may not be covered in detail on the main site cleaning and security audit pages.

The Process

Once your order has been placed, it goes into a queue for one of our Security Analysts to work on. Service orders are worked in the order that they are received. The first thing the Security Analyst will do is test the access credentials that you provided. If they are unable to access your site, file system, or hosting account control panel, they will let you know and put your order on hold. It is important to provide correct access credentials as quickly as possible to expedite the service.

Once a Security Analyst is available to work on your site, assuming you have provided valid credentials, the service should take two to four business hours to complete. This can vary dramatically based on technical challenges such as slow hosting resources or large file transfers. Our work should not disrupt the availability of your site during service. The analyst will transfer a copy of your site to a secure Wordfence server, where the service will take place. Once a site cleaning is completed, a clean copy of your site will be transferred back to your hosting server, replacing the hacked version of your site. Your site will be unavailable for a few seconds during this process. Once that is complete, the analyst will work to remove your site from any third-party blocklists/blacklists that your site has been added to as a result of being hacked. A detailed PDF report is then produced, providing the details of the infection removal and investigation into how the site was compromised. A detailed list of recommendations for locking down your site will be included.

The report will be delivered to you via email, and the Security Analyst who performed the service will be available for questions. In some cases, your follow-up questions or issues may be forwarded to our support team.

Turnaround Times

Service is generally completed within one business day, provided that the required access to your site has been provided. Normal service orders are worked in the order they are received.

Business hours are Monday through Friday, 8 AM to 5 PM ET (Eastern Time). Orders placed after hours, on weekends, or on public U.S. holidays will begin on the next business day or later if the estimated completion time is greater than one day. The major U.S. holidays observed are Easter, Memorial Day, Fourth of July, Labor Day, Thanksgiving, Christmas, and New Year's Day. If you are unsure of the holiday schedule, please consult our support team.

Priority service is available for both services for a fee. Priority service orders are started within four business hours.

High Demand Pricing

Demand for our security services fluctuates dramatically over time based on a number of factors. While we continue to work on our ability to adjust our capacity to match incoming demand, there are inevitably times when demand exceeds our maximum capacity. In these cases of very high demand, we increase prices to help ensure you receive an acceptable turnaround time. This system is called high-demand pricing, and it lets us continue to be your most reliable choice.

Price increases are expressed as a multiple, e.g., 1.2x. This multiple applies to both the base service cost and priority upgrade charges, if applicable.

Site Credentials

In order to provide the service, we will need access to the administrative area of your site, your file server (via Secure FTP), and hosting control panel access. We also need SSH access if it is available. This information is provided via a secure page and stored using PGP encryption. Only authorized Wordfence Security Analysts will have access to this information.

Administrative access is gained by visiting example.com/wp-admin. We will need a username and password with administrator level access. We recommend that you either set up a temporary user for this purpose that is deleted immediately after the service or that you change your password immediately after the service.

Access to your file system generally requires a different username and password. If you have not set up Secure FTP access to your site, you may need to work with your hosting provider to do so. We strongly recommend changing your FTP password immediately after the service.

Hosting control panel access is the username and password that you use to log in to the administrative functions for your site on your hosting provider’s site. The steps necessary to grant access will differ by hosting company. You may need to contact your hosting provider’s support team for help. We recommend changing this password immediately after the service as well.

If we are unable to secure working credentials then the service cannot be performed.

Communication

The Security Analyst assigned to provide your service will do their best to keep you informed throughout the process as necessary. If you have questions at any time, you can inquire via our ticketing system at https://support.wordfence.com. Our Security Analyst will do their best to respond to any inquiries during business hours within a reasonable time frame.

Guarantee

All of our security services come with a one-year guarantee, meaning that we will clean your site free of charge if it is hacked within one year of the service. All services include a written PDF report that almost always includes recommendations. The one-year guarantee requires that all recommendations have been followed.

Large Sites and Problematic Configurations

All service pricing assumes that your website is less than 10GB in size. An additional charge of $50 per 10GB will be added for sites over the limit.

We reserve the right to refuse service for hosting configurations that have been known to be problematic. We currently will not provide services for sites running on Windows Servers or running the DAP plugin. Orders that cannot be processed will be refunded.

Servers Hosting Multiple Sites

For the purposes of these services, a site is considered a distinct installation of a CMS (WordPress). Due to the risk of cross-contamination, we are unable to provide service for selected sites hosted on the same server. Customers must either purchase service for all sites or delete or move the sites that do not require service.

Frequently Asked Questions

  • Can you clean a suspended site?

    If your hosting provider has suspended your hosting account because of a malware infection, we can still clean your site. You may need to get your hosting provider to allow connections from the IP address of the Security Analyst in charge of your cleaning order. Please purchase a site cleaning as usual. When submitting your access credentials in step two of the process, mention in the “comments” section that your site has been suspended by your hosting provider.