WordPress security FAQ

SOS cleanup starts with the selected WebShield package. In SOS cases we charge an additional 10,000 HUF + VAT emergency fee and start work immediately. The monthly or annual fee depends on the package and the number of websites.

Usually we can reach a clean, working state within 1-2 hours. Our record is 7 minutes, but that is not realistic in every case. The main factor is whether the WebShield plugin can be installed, or whether the site first needs manual FTP-level recovery.

During the WebShield subscription we think in continuous protection, not one-time cleanup. If reinfection happens, advanced logging helps us find the entry point, clean the site again and close the route used by the attack.

A security plugin alone is only a tool. WebShield is a managed service: plugin, logging, firewall, backups, update control, alerts, expert analysis, cleanup and recovery are handled together.

If the client can log in to WordPress admin and install the WebShield plugin, we do not need credentials. If the admin area is unavailable, the site errors out or the infection blocks operation, FTP/SFTP, hosting panel or database access may be needed for manual recovery.

Not by itself. Backup is essential, but it does not prevent hacking and does not always show when the infection started. You also need update control, firewall, permissions, malware checks and alerts.

It depends on how often the site changes. A static brochure site may be fine with daily backups, but a webshop, lead generation site or active content site should use hourly or 2-hourly backups.

Sometimes it helps, but it is not reliable. Attackers can modify or hide timestamps, and infections may live in the database, cache, uploads directory or files disguised as legitimate code.

Usually because only the visible malware was removed while the entry point remained. WebShield's logging system helps identify where the infection started, so we can handle the root cause, not only the symptom.

Updates are important, but not enough. Many infections arrive through XML-RPC, the admin area or leaked passwords. WebShield's managed update system also detects if an update breaks the site and can restore the previous working version.

Yes, strongly recommended. Two-factor authentication stops many attacks caused by stolen, reused or phished passwords, especially for admin, editor, agency and developer accounts.

Passwords should be unique, long, not reused and preferably generated by a password manager. Admin accounts should combine this with two-factor authentication and regular user reviews.

It means the system does not only rely on static rules, but also evaluates patterns, unusual behavior and suspicious changes. This can help detect attacks that do not match a known signature exactly.

At minimum: admin logins, failed login attempts, plugin/theme changes, permission changes, file changes, critical settings, security alerts and HTTP requests. HTTP logs help filter unusual traffic and suspicious request patterns.

Cleanup should be followed by protection. A plugin vulnerability, leaked password or new attack can bring the infection back. This is why WebShield guarantees security during the subscription: cleanup is followed by updates, permission review, firewall, backups, alerts and regular checks.

Use a consistent process for updates, backups, permissions and incident response. Central visibility, separate client access, reporting and fast restore capability are essential.