Hours to Seconds: How Paul Lacey Cleans Malware Instantly with WP Remote
Spending hours maintaining client sites?
WP Remote will streamline your WordPress maintenance process and save you at least 4 hours per site every week.

Challenges
Results
Security was (and is) misunderstood
Agencies know that security is important, but are rarely experts.
“Agencies I was working for were aware, and were like, hey how can we put some kind of security in this? They were not experts, so we were just Googling or looking on WordPress forums what’s a good security solution.”
Often, this leads to solutions like changing the login page URL or the database prefix. Security via obscurity measures, like these, is high-effort and low-impact.
The trifecta for site security is a firewall for protection, a scanner for detection, and a cleaner for mitigation.
Malware is a ticking time bomb
Malware will stay hidden for as long as possible. If a site isn’t scanned regularly, the symptoms will show up as anomalies or glitches.
“Most malware is trying to get in there, and stay hidden for a few months. And then start secretly doing stuff to use the resources of your server.”
Eventually, the malware spreads to all areas of the site. If not caught early, there is little chance of recovery.
“10 years or so ago, before tools like WP Remote, a lot of websites ended badly because of malware.”
Paul Lacey
Hacks completely destroy sites
“I remember a website that got infected. I took a look using SFTP, and every single file—every single PHP file—was completely wrecked. Completely infected.”
At this stage of infection, the list of options is very short. Malware can do so much damage to an existing website, it can be unrecoverable. Backups become its last chance.
“They didn’t have any backups older than 30 days; and this had been going on for a long, long time. Something had just gone in there, and spread throughout the whole website. Finally, the website stopped working. It was defaced. The website was dead. There was nothing to be done. I don’t think even a security expert could have cleaned up the website. Everything was wiped or deleted, or code was entirely rewritten. Just a total nightmare.”
Early malware alerts by WP Remote is a saviour
Hackers want malware to stay hidden as far as possible, for as long as possible. That’s why malware scanners that can detect malware anywhere on the site? Worth their weight in gold.
“It’s less like that these days. A malware infection isn’t like a skull and crossbones, and some flashing text. It seems to be less about defacing websites, and more about using your server resources and brand name to scam people. But if you get it early, it’s no big deal.”
Never lose days to disasters
If you use a similar plugin stack across websites, and one develops a vulnerability, you’re toast. Agencies are typically looking at 100s of websites with the same vulnerability.
“Everybody’s got a plan of the things that they want to get done. Something like that completely derails your entire day.”
Paul Lacey
If it’s a zero-day attack, you are going to lose a lot of resources that month. Either in developer hours, which could have gone into getting more revenue; or having to hire expensive security experts to deal with the malware.
Not to mention…
Deal with client panic
“Not only will it derail the developers who are working on it, all of the account managers have to keep the clients calm, while they’re freaking out about their websites.”
Customers don’t want to wake up to a site that vanished, defaced, losing traffic, lost SEO, or any of the horrible consequences of malware. They will, understandably, be very upset.
“Everyone’s losing money. Everybody’s stressed out.”
Paul Lacey
And it becomes your responsibility to fix it—as fast as possible.
Don’t lose developers to disasters
You know what happens when people deal with disasters all the time? They quit.
“Whether it is a website disaster or a Google Ads campaign, daily disasters destroy the employees’ sense of happiness in work. I’ve seen plenty of people quit their jobs or even careers, simply because their day was full of putting out fires that didn’t need to happen.”
Full site security audit in minutes
When taking on a website from another agency, you never know what state it is going to be in. What needs to be done? Updates, malware removal, SSL certificate renewal. The list is endless—and time-consuming.
“Basically, you get a situation where it is like a neglected garden. Nobody’s looking after it, there’s just weeds everywhere, and there’s wild animals living there as well. The website is often in a bad situation, and you need to clear it up. So I run it through WP Remote.”
WP Remote’s sync finds the most important information in minutes.
“Make sure it’s not infected, for starters. Get rid of any malware instantly if it is. Then, usually, it’s on some older version of php. So you can set up a staging site, and test that everything works, if you update everything.”
You can then make a decision confidently: save the site, or pitch a new one.
“Essentially, you can say this website is now safe for us to take on. Although, sometimes a website is such a mess, you have to say there’s no hope for this website. It’s gone too long without maintenance.”
Tags:
Share it:
You may also like

How Daniel Used Visual Regression Make Updates A Superpower
WP Remote’s visual regression caught a 0.03% variance after an update. Daniel was going about his day as usual, when WP Remote’s support team reached out to him. One of…

How Daniel Used Reports to Stop Customer Churn
Figuring out the problem: why customers were leaving. Customer churn is a part and parcel of doing business. Nevertheless, it is always a cause for concern. “During the first part…

One-Click Hack Cleanups: How Daniel Duke Finds and Cleans Malware in Seconds
I’m thrilled to have a security option that is affordable and works all kinds of magic for me.
Dealing with hacks every week?
Find out how WP Remote can help you save hours of your developer’s bandwidth every week. We are always happy to help.