Hi.
Thanks for your thoughts. I’d like a chance to point a few things out that you might be misunderstanding.
You say that Wordfence identified your twentyseventeen theme’s functions.php as malware. What the alert probably said was that we found malware in the functions.php file. This is entirely possible because hackers like to call files from inside the functions file. This happens even if the theme isn’t active on the site. What you probably don’t have checked in the scan options is “Scan theme files against repository versions for changes” which would show you exactly what is different from the original file and what is in the file currently installed on your site. If you have that option checked – available in the free version – all you need to do is click ‘repair‘ to restore the correct version of the file. No need to purchase a cleaning at all
Speaking to that point, you can use Wordfence to clean your site yourself with no need to purchase anything. There is a guide available here that can help walk you through the process.
Make sure and get all your plugins and themes updated and update WordPress core too. If you are on an older branch (WordPress 4.x etc) because you wanted to wait before installing the latest version because of Gutenberg or a custom theme compatibility issue you still need the latest update in that version. Those can be found here:
https://www.ads-software.com/download/releases/
WordPress has patched their older releases because of a vulnerability that was found in the past so make sure to update your version if needed.
As a rule, any time I think someone’s site has been compromised I also tell them to change their passwords for their hosting control panel, FTP, WordPress admin users, and database.
Additionally you might find the WordPress Malware Removal section in our free Learning Center helpful.
Yes, we do have a site cleaning team and we do charge when we clean a customer’s site. It’s a manual process that involves a senior security analyst using various tools (some commercial and some developed in-house) and even manually inspecting files and logs, so they can see how you got infected in the first place. It doesn’t make sense to fix the symptom (your hacked site) if they don’t fix the root issue (how the hacker got in). All of that costs time and money and I’m sure if you look around you’ll find that no other company offers such a robust plugin for free and adds free site cleanings. It’s just not possible.
Lastly, I can’t seem to find a post where you report the issue, ask for help, etc. We would have been more than happy to post this to you so you could get your site cleaned faster. Posting a negative review without even asking for help seems rather unfair to me.
Tim
