Yes, we do. If your WordPress site is hacked while hosted at Kinsta we’ll work with you for free to try and undo the damage.
Security Guarantee Limitations
Our security guarantee includes:
- An inspection of the site and a deep scan of the site’s files to identify malware.
- Repair of the WordPress core by installing a clean copy of the core files.
- Identification and removal of infected plugins and themes.
If an active plugin or theme is removed as part of the malware removal process, you will be responsible for installing and configuring a new copy of the plugin or theme after the malware removal process has been completed. Our security guarantee does not cover non-WordPress software or custom scripts.
We will do our best to fully remove malware from your site. However, by design, malware can be difficult to detect and remove. This is particularly true for infections injected into the site database. As a result, in some rare cases, a single round of malware remediation may not be sufficient. If you detect unexpected or malicious behavior after we have completed our work on your site please get back in touch with our support team and provide as many details as possible so that our malware removal specialists can make a further attempt at fully removing the infection.
How WordPress Sites are Hacked
Due to the secure design of our infrastructure, server-level compromises are extremely unlikely. Rather, sites hacked while hosted at Kinsta are infected in one of two ways:
- Exploits targeting WordPress: using outdated or poorly coded plugins and themes or using outdated versions of the WordPress core.
- Compromised credentials: an attacker captures your WordPress admin, MyKinsta, database, SSH, or SFTP credentials.
Malware Removal Process
The process of inspecting a site, scanning it for issues, and removing infections may take up to one full business day to complete. Particularly pervasive infections may require multiple rounds of inspection. In some rare cases, where a site has been corrupted beyond repair, it may necessary to restore the site using a backup.
Removing malware often produces site-breaking results as infected plugins and themes are removed. As a result, we recommend using a plugin to place the site into maintenance mode during the malware removal process.
If you encounter evidence of malicious code or site behavior contact our support team.
Steps Taken By Kinsta
There are a few mandatory steps in our malware removal process which will be completed by our Support team for every repaired site:
- The WordPress core will be reinstalled.
- SFTP, SSH, and database passwords will all be changed.
- If we discover infections in your site’s plugins or themes we will remove the infected components from the site.
Steps You Will Need to Take
Following completion of malware removal we will ask you to take several additional steps to secure your site:
- Update all plugins, themes, and the WordPress core to the latest version.
- If our Support team identified and removed any compromised themes or plugins, do not attempt to manually clean and reuse the compromised files. Download fresh copies of these components from the developer and install them on the site.
- Review all WordPress admin users and delete any that are unused or that you don’t recognize.
- Update all WordPress admin user passwords.
- Update all MyKinsta user passwords.
- Additional site-specific instructions based on the nature of the infection.
These steps should be taken within one business day after we request that they be taken. Failure to take these additional steps will mean that our Support team will be unable to remove future infections for free.
Scanning Additional Sites
Having one of your sites infected with malware can lead to concerns about possible infection of your other sites. However, because Kinsta uses a container-based hosting infrastructure, cross-contamination between sites at the server level is not possible.
This means that if there is no specific evidence that additional sites have been compromised, then there’s no reason to think they have been infected.
Inspection of sites to identify possible infections is limited to sites which exhibit specific evidence of infection. In the absence of specific evidence, we would recommend that you use a site-scanning service or plugin such as Sucuri Security to confirm that the rest of your sites have not been infected.
Infections Discovered During Migration
A deep scan of all site files is a standard step in our migration process. If we determine that your site is infected during a migration we will pause the migration and report the issue to you. At that time you will be provided two options:
- Proceed with the migration, have Kinsta remove the infection, and a $100 malware removal fee will apply.
- Cancel the migration, work with a third-party to repair the hacked site in the prior hosting environment or repair it yourself, and then reschedule the migration.