Site Cleaning and Security Audits

Let one of our Security Analysts help you clean your infected site or inspect it for vulnerabilities.

The Wordfence Security Services Team provides two services: site cleaning and security audits. We currently offer the services for WordPress and Joomla sites only. The site cleaning service restores hacked websites to working order by removing malware and malicious content, investigating how the attacker gained entry, blacklist removal and providing a checklist to protect your site from future attacks. The security audit service is a proactive 59-point inspection that covers all aspects of running a secure website. Both services are performed by a Wordfence Security Analyst, include a 1 year Premium Wordfence subscription and are backed by a 90 day guarantee.

If you already have a Wordfence Premium license we will extend it by 1 year.

The purpose of this page is to provide answers to common questions that may not be covered in detail on the main site cleaning and security audit pages.

The Process

Once your order has been placed it will be placed in a queue for one of our Security Analysts work on. Service orders are worked in the order they are received. The first thing the Security Analyst will do is test the credentials you provided. If they are unable to access your site, file system or control panel they will let you know and put your order on hold. It is important to provide correct credentials as quickly as possible to expedite service.

Once a resource is available to work on your site, assuming you have provided valid credentials, service should take two to four business hours. This can vary dramatically based on technical challenges such as slow hosting resources, large file transfers, etc.. Our work should not disrupt the availability of your site during service. The analyst will download a copy of your site to a secure Wordfence server, where the service will take place. Once a site cleaning is completed, a clean copy of your site will be transferred to your hosting server, replacing the hacked version of your site. Your site will be unavailable for a few seconds during this process. Once that is complete the analyst will work to remove your site from any blacklists your site has been added to as a result of being hacked. A detailed report is then produced, providing the details of the infection removal and investigation into how the site was compromised. A detailed list of recommendations for locking down your site will be included.

The report will be delivered to you via email, and the security analyst who performed the service will be available for questions. In some cases your follow up questions or issues may be forwarded on to our support team.

Turnaround Times

Service is generally completed within one business day, provided that proper access to your website has been provided. Normal service orders are worked in the order they are received. Order volume surges do occur, slowing down turn-around times. In those cases we update the estimated completion time on the checkout page for the service.

Business hours are Monday through Friday, 8am to 5pm ET. Service Orders placed after hours, on weekends, and on holidays will begin on the next business day or later if the estimated completion time is greater than one day. The major U.S. holidays observed are Easter, Memorial Day, Fourth of July, Labor Day, Thanksgiving, Christmas and New Years Day. If you’re unsure of the holiday schedule please consult our support team.

Priority service is available for both services for a fee. Priority service orders are started within two business hours.

Site Credentials

In order to provide service, we will need access to administrative area of your website, your file server (via Secure FTP) and control panel access. We also need SSH access if available. This information is provided via a secure page and stored using PGP encryption. Only authorized Wordfence Security Analysts will have access to this information.

Administrative access is gained by visiting yourwebsite.com/wp-admin. We will need a username and password with administrator level access. We recommend that you either set up a temporary user for this purpose that is deleted immediately after service or that you change your password immediately after service.

Access to your file system generally requires a different username and password. If you have not set up Secure FTP access to your site, you may need to work with your hosting company to do so. We strongly recommend changing your FTP password immediately after service.

Control panel access is the username and password that you use to log in to the administrative functions for your website on your hosting company’s website. The steps necessary to grant access will differ by hosting company. You may need to contact your hosting company’s support team for help. We recommend changing this password immediately after service as well.

If we’re unable to secure working credentials service cannot be performed.

Communication

The Security Analyst assigned to provide your service will do their best to keep you informed throughout the process as necessary. If you have questions along the way you can inquire via our ticking system at support.wordfence.com. Our analysts do their best to respond to inquiries during business hours within a reasonable time frame.

Guarantee

All of our security services come with a 90 day guarantee, meaning we will clean your site free of charge if it is hacked within 90 days of service. All services include a written report that almost always includes recommendations. The 90 day guarantee requires that all recommendations have been followed.

Large Sites and Problematic Configurations

All service pricing assumes that your website is less than 10GB in size. An additional charge of $50 per 10GB will be added for sites over the limit.

We reserve the right to refuse service for hosting configurations that have been known to be problematic. We currently will not provide services for sites running on Windows Servers or running the DAP plugin. Orders placed that can not be processed will be refunded.

Servers Hosting Multiple Sites

For the purposes of these services, a site is considered a distinct installation of a CMS (WordPress or Joomla). Due to the risk of cross-contamination, we are unable to provide service for selected sites hosted on the same server. Customers must either purchase service for all sites or delete or move the sites that do not require service.