Emergency: WooCommerce site compromised (SEO spam indexed) — Incident Response + Security Hardening + Google deindex cleanup

Summary: Our WooCommerce WordPress site is down/unstable and appears compromised. Google has indexed spam pages on our domain (casino/hacking content). We need a true incident response: identify root cause, remove malware/backdoors, patch the entry point, harden server/WP, and clean up Google indexing. Scope (must deliver all): Containment + Backup - Put site in maintenance mode (or isolate) to stop further damage - Full filesystem + database backup before changes Forensics / Root Cause - Review server access logs (web, auth, FTP/SFTP) where available - Identify initial infection vector (plugin/theme vulnerability, credential leak, file upload, etc.) - Provide a short written root-cause report Malware Removal + Remediation - Remove injected files/backdoors (including wp-content, mu-plugins, uploads, cron jobs, .htaccess, wp-config modifications) - Clean database injections (options table, posts, hidden admin users, malicious redirects) - Verify integrity against clean WP core checksums Hardening - Update WP core/plugins/themes; remove unused and any nulled assets - Enforce strong auth: 2FA for admins, disable XML-RPC if not needed, limit login attempts - File permissions lockdown; disable PHP execution in uploads - Install + configure WAF (Cloudflare or equivalent) + security monitoring - Configure automated daily backups + restore test plan SEO / Google cleanup - Generate list of spam URLs currently indexed - Ensure spam URLs return 410 Gone (or correct 404) and are removed from sitemaps - Search Console: submit removals (temporary) + request reindex after cleanup - Provide documentation of steps taken Deliverables / Acceptance Criteria: - Site loads reliably; checkout + cart + payment tested - No new spam URLs generated after 72 hours monitoring - Clean results on malware scanners (Wordfence scan + at least one external scanner) - Written report: root cause, what was removed, what was patched, what protections added - Google Search Console actions completed and documented Access rules (non-negotiable): - Work in staging if possible - Temporary accounts only; no shared passwords - All changes documented Budget: fixed price preferred with milestones (see below). Milestones (pay only on completion): 1. Containment + backups + initial findings 2. Root-cause report + full cleanup complete on staging 3. Production deploy + hardening complete + checkout tested 4. SEO cleanup complete + monitoring handover

Project ID: 40259562