Categories

AI
1
Billing
11
Caching Guide
1
Client Portal (WHMCS)
1
Coding
38
Delegated Access
4
DIVI
4
Domains
10
Email Support
29
Facebook Ads Managment
13
Google Cloud
2
Interesting Articles
4
Invoices and Taxation
10
Legal
1
Linux Commands
1
Litespeed
3
MailGun
4
Misc
3
Office 365
4
Policies
26
Rackspace Mail
42
Resales Online Plugin
3
Scams/Phishing
8
SmarterMail
22
SmarterMail (Server Admin)
1
Standard Operating Procedures
7
Thunderbird
1
Tutorials
28
Web Design
4
Web Hosting
22
Website Care Plans
3
Wordpress
6

  Categories

  Tag Cloud

2fa 301 redirect 550-5.7.1 90 day warranty ad account ad sizes ad spend adding users admin access ads adwords align api filters api key apple mail archive archiving auto reply autodiscover autoresponder back date backdate backup email backups banner bash bcc archiving blacklisting block bots breaking up browser refresh bug report business manager cache caching capthca cash change password Charities charity chrome client portal cloud linux complaints concat config content content warnings court order pdf scam cpanel cpanel email cpanel remote mail exchanger credit card credit cards cron css custom wp config debug debug mode delegate delete mail deleted email denied disk usage warning diskcritical divi divi blog dkim dmarc dns dns cache dns only domains email email archiving email migrations email setup email support policy Employee acces envato EU cross-border transactions exchange exchange server facebook facebook ads facebook business manager Facebook invoice Facebook marketplace fail over fallback feedback filezilla ftp filter Finance Analyst firewall fix permissions fix perms folder prefix force download force ssl form emails form spam forwarding fragmentation framework ftp ftp over tls full mailbox gmail gmb godaddy google google adwords google analytics google chrome google cloud google local google maps google my business google places google sheets google webmaster tools google workspace migration grant access graphic design gravity forms greylist gsc gwmt gwt hacked wordpress header Hetzner hosting hosting migrations htaccess htaccess tips images imap imap and pop differences imap port imunify360 inbox increase limit INSERT invoice invoices ios ip iphone IPS tag IT jailed shell jerk jquery lead forms legal licenses litespeed local listings lockdown wordpress logo concepts logo design logo project logos lve mac mac mail mac marbella macmail mail app mail test mail tester many chat manychat mcc migration migration of hosting migrations mobile modsec moving ms office multiple logins mx mysql nameservers navicat networking marbella nominet office 365 office365 old php versions outage outlook outlook 2010 outlook deliverability issues owa password password protected password reset passwords pay paying cash payment failed payment policy payments paypal pdf files PDO_SQLITE permalinks permissions perms phishing phishing email photos php php 5.1 php 5.6 php 7 php 7.3 php 7.4 php info php versions phpinfo pico policies policy pop ports post launch checklist pram procedure proforma invoice public key pure ftp pure-ftp pureftp rackspace calendars rackspace mail ram receive recover recpatcha redirect refresh relay remote session remote support remove post type remove posts button reporting a bug reporting spam resales online resales online api reset resource abuse rest api root shell rsync safelist senders scam scam warning scams scans search console search folder secure cert secure wordpress security send sending lmiits sent sent items sent messages seo setup setup email shell smartermail smtp smtp port snag snag list snagging softaculous spam spamcop spams spf SQLite3 srv srv records ssh ssl ssl cert status stock stock photo storage boxes store sent messages stripe sub menu subject line swiss symfony system status tasks tax id tax invoice taxes telegram text content third party thunderbid thunderbird tls tos transmit ftp turn off two factor auth uce protect uk tax uk vat untrusted ip UPDATE update php upgrade php uptime Use Smart Addresses vacation message vat verify vertical vies vimeo warning warranty we transfer web design web hosting web project webmail webmaster tool webmaster tools whitelist whitelist sender whm whmcs windows wofeedback wordpress wordpress cache wordpress code wordpress functions wordpress log in protection wordpress scan wp bakery builder wpml wpml flags wpml site key www

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket

Hacked WordPress Website Recovery Policy Print

  • hacked wordpress, wordpress
  • 2

This page explains JUCRA Digital’s policy regarding hacked WordPress websites, emergency recovery assistance, and website care plan eligibility.

Provider: JUCRA Digital SL

Last Updated: 15th May 2026

Website compromises, malware infections, hacked plugins, malicious redirects, spam injections, and unauthorised access incidents are unfortunately common within the WordPress ecosystem.

JUCRA Digital may provide assistance with hacked WordPress websites depending on the client’s hosting arrangement, support plan status, and overall service relationship with us.

If your WordPress website has been hacked, you should contact us immediately before attempting random fixes, plugin removals, or restoring unknown backups.

Table of Contents

1. Free Recovery Eligibility

JUCRA Digital may repair hacked WordPress websites free of charge where all of the following conditions are met:

Hosted With JUCRA

The affected website must be hosted directly with JUCRA Digital.

Active Website Care Plan

The client must have an active JUCRA Digital Website Care Plan in place.

Established Client Relationship

The client must have maintained active services with JUCRA Digital for more than six months.

2. Website Care Plan Requirement

Website care plans exist specifically to help reduce the risk and impact of:

  • WordPress compromises
  • Plugin vulnerabilities
  • Malware infections
  • Outdated software risks
  • Security weaknesses

Care plans may include services such as:

  • WordPress updates
  • Plugin updates
  • Security monitoring
  • Backup management
  • Maintenance support

Further details regarding website care plans can be found here:

View Website Care Plans

3. Clients Without a Care Plan

If your website is hosted with JUCRA Digital but you do not have an active Website Care Plan, JUCRA Digital is under no obligation to repair or recover a hacked website.

However, as a courtesy, we may:

  • Perform an initial review of the incident
  • Assess the likely cause of compromise
  • Determine whether recovery is realistically possible
  • Offer paid recovery assistance where appropriate

In some situations, we may instead recommend that specialist malware recovery companies are used, particularly where:

  • The compromise is severe
  • Core WordPress files are heavily modified
  • Server-level compromise is suspected
  • The website has repeated reinfections
  • There is significant malware distribution involved

4. What Website Recovery May Involve

WordPress malware recovery can involve a significant amount of technical investigation and remediation work.

Recovery work may include:

  • Malware identification and cleanup
  • Removal of malicious redirects
  • Database inspection and cleanup
  • Replacement of infected WordPress core files
  • Plugin vulnerability analysis
  • Password resets
  • Security hardening
  • Backup restoration
  • Spam or blacklist investigation

5. Guide Pricing Information

Where hacked website recovery falls outside of free care plan coverage, recovery work may be chargeable depending on:

  • The severity of the compromise
  • The time required for investigation
  • The complexity of the website
  • The extent of malware infection
  • The availability of clean backups

Professional WordPress malware recovery services within the wider industry commonly range from several hundred euros upwards depending on complexity.

Any chargeable recovery work would normally be quoted after an initial review where possible.

6. Important Limitations

JUCRA Digital cannot guarantee that all hacked websites are recoverable or that all compromised data can be restored successfully.

  • Some compromises may permanently damage files or databases.
  • Third-party plugins and themes may introduce vulnerabilities outside our control.
  • Compromised administrator credentials may allow reinfection if not corrected properly.
  • Recovery success may depend heavily on available backups.
  • Website downtime may occur during investigation or recovery work.

7. Prevention & Best Practices

The best protection against WordPress compromises is proactive maintenance and security management.

Recommended best practices include:

  • Maintaining active care plans
  • Keeping WordPress updated
  • Keeping plugins updated
  • Using strong passwords
  • Limiting administrator access
  • Removing unused plugins and themes
  • Maintaining reliable backups

8. Summary

Care Plan Clients

Eligible clients with active care plans may qualify for free hacked website recovery assistance.

Non-Care Plan Clients

Recovery assistance may be limited, chargeable, or referred externally depending on the situation.

Prevention Matters

Regular maintenance, updates, backups, and security monitoring significantly reduce compromise risk.

Was this answer helpful?

Related Articles

Partnerships with JUCRA Digital SL This page explains JUCRA Digital’s general policy regarding business partnership... Cash Payment & IVA Compliance Policy This page explains JUCRA Digital’s policy regarding cash payments, VAT (IVA), invoicing, and... 90 Day Warranty This policy explains the warranty and post-launch support terms that apply to website... Client Conduct & Respect Policy This policy explains the standards of respectful communication and professional conduct... Backup Policy for Web Site Files This policy explains how JUCRA protects, stores, retains, and restores customer website and...
« Back