My client contacted me saying that Hostgator notified them of malicious files and got them to pay for the Sitelock to clean up the site. This is a wordpress site that was created a while ago and my client has no contact with the previous developer. The developer, from what I see on their plug-ins, have no backup plugins or security plug-ins. They also don’t have the original theme used.
After Sitelock removed the malicious files, I don’t see any theme and I just see short code. Everything appears to have been wiped. I have been looking on reverting changes but to no avail. I saw a lot of horror stories about Sitelocks terrible “gotcha” with the paid protection plan. My client did pay into this service.
I’m wondering if it’s worth it to try and continue trying to troubleshoot the website and revert changes or if I should create a new site and transfer the domain, get a better hosting platform, etc. Would it be worth it if I revert changes to get security plug-ins to prevent any malware? With Sitelocks track record I don’t know if any of the files it said removed are actually malicious.
My client is okay with either option.
Any advice?
[ad_2]
What shortcodes are displaying? That problem is usually fixed by installing the required theme/plugin – usually some sort of page builder.
Please provide a few sample of the shortcode, you might just need to reinstall a theme or page builder.
Often, you can search “way back machine” and put in the URL of the website. You might be able to find a backup of what the site used to look like, and you can even search the source code to find the theme. If you don’t have a backup, then I’d say go ahead and rebuild your WP site however you make it. I deal with issues like this all the time. Websites will get attacked if they are not updated often. And, make sure they have security with monthly daily backups. I even make sure CLEAN copies of a website is provided for a client on thiere own google drive. I recomend building sites with elementor or divi. custom sites ALAWAYS break up and get attacked.
That is why I recommend using paid themes / plugins, I also recommend my clients to buy lifetime subscription from me for solidwp, as it will protect them from hacking attempts.
That is the problem with most WordPress “Developers” these days.
Most of them don’t even have the slightest clue on what security is.
In my case. I came from a IT security and audit background. This is what I knew, so my strength is in Security, I then slowly learned WordPress.
Again, no 2 sites are the same, you need to understand a client and the potential for loss harm to be able to secure it accordingly.
Of course there is a base level of security, but then, depending on how mission critical a site is. I will lock it down so tight that not even the NSA can get in.