• I don’t write reviews often and I wait a while before I write them. If you have been hacked and you have multiple sites on your server, you need to read this.

    First of all, you will need to give wordfence control panel access, ftp access and WordPress admin access. You need to trust them a lot just to use them. If you have multiple sites, they want access to everything.

    A week after hiring them to solve my hacking issue, they informed me they wouldn’t fix my site unless they fixed each and every site on my account. It didn’t matter if the sites were uneffected, it didnt matter if they hadn’t had a file changed for 6 months. This is their policy. Take it or leave it.

    My site was hacked and I wanted it back up. I told support I would pay to have all my sites fixed but I wasn’t happy about it and I considered this extortion. To me, they were holding my site hostage unless I paid for more services than I wanted or needed and it didnt seem right.

    They could have scanned the other sites (one of which is 3 pages), said they were hacked (or not) and I would have considered them heroes. Instead, they refused to fix my site (due to th extortion comment) and refunded my money. Take this as freedom to work for whom you choose, an admission of guilt or just a bad policy, your choice.

    On the flip side, the free plugin is very useful for tracking down infected files, which you can replace yourself and is easier than you think.

Viewing 1 replies (of 1 total)
  • Plugin Author WFSupport


    I completely understand your frustration. I’ll be happy to explain.

    We need access to those things, as any site cleaner would, to be able to make sure your websites are cleaned. There are things like access and error logs not available to us in the WordPress backend. We have a better chance of examining files, editing bad code, etc with that access. Any site cleaner worth their title will ask for these.

    Even though the other websites on your shared server may not appear to be infected, there is always a possibility that malware could be in other directories within the hosting account. Because of this, it’s our policy to clean every instance of a full-fledged web application in the account, since one infected website can easily infect all the others. We also need to be sure the entire account is clean in order to provide our 90-day guarantee. When we do a site cleaning we don’t just point a tool at your site and kick off a cleaning that may get everything, may miss things, or may remove things that shouldn’t be. A trained analyst actually manually examines your site files to be sure that when we say the site is clean it is clean. If we don’t look over the other sites in the hosting account we cannot say that. That’s just not possible with any certainty. I hope this makes sense, but let me know if you have any further questions.

    As to the ‘holding you hostage’ comment we merely told you the options you had.

    • You could have removed the extra sites. In the case that the sites were backup copies, this is usually the best way to handle it.
    • You could have added the sites to the order. This is a good bargain because it’s only $99 per extra site and comes with a premium license
    • You could cancel the order entirely.

    We chose the last option for you because you kept calling us extortionists and clearly were not happy. This freed you up to engage whoever you wished to clean your website.

    We do hope you were able to get your website cleaned.


Viewing 1 replies (of 1 total)
  • The topic ‘Wordfence Warning’ is closed to new replies.