Hours to Seconds: How Paul Lacey Cleans Malware Instantly with WP Remote

Security was (and is) misunderstood

Agencies know that security is important, but are rarely experts. 

“Agencies I was working for were aware, and were like, hey how can we put some kind of security in this? They were not experts, so we were just Googling or looking on WordPress forums what’s a good security solution.”

Often, this leads to solutions like changing the login page URL or the database prefix. Security via obscurity measures, like these, is high-effort and low-impact. 

Malware is a ticking time bomb

Malware will stay hidden for as long as possible. If a site isn’t scanned regularly, the symptoms will show up as anomalies or glitches. 

“Most malware is trying to get in there, and stay hidden for a few months. And then start secretly doing stuff to use the resources of your server.”

Eventually, the malware spreads to all areas of the site. If not caught early, there is little chance of recovery. 

Hacks completely destroy sites

“I remember a website that got infected. I took a look using SFTP, and every single file—every single PHP file—was completely wrecked. Completely infected.”

At this stage of infection, the list of options is very short. Malware can do so much damage to an existing website, it can be unrecoverable. Backups become its last chance.

“They didn’t have any backups older than 30 days; and this had been going on for a long, long time. Something had just gone in there, and spread throughout the whole website. Finally, the website stopped working. It was defaced. The website was dead. There was nothing to be done. I don’t think even a security expert could have cleaned up the website. Everything was wiped or deleted, or code was entirely rewritten. Just a total nightmare.”

Early malware alerts by WP Remote is a saviour

Hackers want malware to stay hidden as far as possible, for as long as possible. That’s why malware scanners that can detect malware anywhere on the site? Worth their weight in gold.

“It’s less like that these days. A malware infection isn’t like a skull and crossbones, and some flashing text. It seems to be less about defacing websites, and more about using your server resources and brand name to scam people. But if you get it early, it’s no big deal.”

Never lose days to disasters

If you use a similar plugin stack across websites, and one develops a vulnerability, you’re toast. Agencies are typically looking at 100s of websites with the same vulnerability.

If it’s a zero-day attack, you are going to lose a lot of resources that month. Either in developer hours, which could have gone into getting more revenue; or having to hire expensive security experts to deal with the malware.  

Not to mention…

Deal with client panic

“Not only will it derail the developers who are working on it, all of the account managers have to keep the clients calm, while they’re freaking out about their websites.”

Customers don’t want to wake up to a site that vanished, defaced, losing traffic, lost SEO, or any of the horrible consequences of malware. They will, understandably, be very upset. 

And it becomes your responsibility to fix it—as fast as possible.

Don’t lose developers to disasters

You know what happens when people deal with disasters all the time? They quit.

“Whether it is a website disaster or a Google Ads campaign, daily disasters destroy the employees’ sense of happiness in work. I’ve seen plenty of people quit their jobs or even careers, simply because their day was full of putting out fires that didn’t need to happen.”

Full site security audit in minutes

When taking on a website from another agency, you never know what state it is going to be in. What needs to be done? Updates, malware removal, SSL certificate renewal. The list is endless—and time-consuming.

“Basically, you get a situation where it is like a neglected garden. Nobody’s looking after it, there’s just weeds everywhere, and there’s wild animals living there as well. The website is often in a bad situation, and you need to clear it up. So I run it through WP Remote.”

WP Remote’s sync finds the most important information in minutes. 

“Make sure it’s not infected, for starters. Get rid of any malware instantly if it is. Then, usually, it’s on some older version of php. So you can set up a staging site, and test that everything works, if you update everything.”

You can then make a decision confidently: save the site, or pitch a new one.

“Essentially, you can say this website is now safe for us to take on. Although, sometimes a website is such a mess, you have to say there’s no hope for this website. It’s gone too long without maintenance.”