Business Website · 2024
Mediacontent
Malware cleanup, security audit, and a full refactor of a hacked WordPress site — before the actual project could even begin
Brought in via Weevers Content to finish a custom WordPress site that had been started by a junior developer. Before I could begin the real work, the site was hit by a hack that installed Russian gambling malware across the entire installation. We recovered from a pre-hack backup, scanned and verified it clean, audited every security and code issue, and refactored the codebase before deploying to production.
This project started before it started.
The site had been built by a student developer doing a side job alongside his studies — well-intentioned but with the gaps in security knowledge you'd expect. By the time I was brought in to finish it, the codebase had incomplete features, serious security vulnerabilities, and performance problems throughout.
The hack Before I could write a single line of new code, those vulnerabilities were exploited. The entire site was infected with malware — visiting any page triggered a full-screen popup in Russian pushing gambling sites. The infection had spread through the whole installation.
Recovery The client had a backup from before the breach. We restored it, then ran a thorough malware scan to verify the backup itself was clean before touching anything. Once confirmed safe, we systematically identified every security hole that had allowed the attack — outdated dependencies, insecure file permissions, unvalidated inputs, exposed configuration — and closed them all.
Refactor and completion With a clean, secure foundation in place, I refactored the existing code to address the performance issues and the parts the original developer had left incomplete. The site was then finished and deployed to the live environment.