Audit and treatment of the WordPress site from spam and hacking

Cybersecurity & Data Protection
Job 1 of 16
About the project: An online store on WordPress (WooCommerce) with the Polylang multilingual plugin and Elementor page builder installed.
Problem: The site suffered a hacker attack. The attackers injected malicious code into the database, created spam pages en masse for SEO phishing, and left hundreds of spam comments, threatening the site's removal from Google's search index and blocking by the hosting provider.

Task complexity
Malicious scripts were deeply integrated into the content of legitimate pages, Elementor meta fields, plugin settings, and WooCommerce cache (wc_remote_inbox_notifications_specs). Direct removal through text editors threatened to disrupt the structure of serialized PHP data (format a:34:{...}), which would completely break the functionality of the plugins.

What I did (Step-by-step process):
Deep audit and threat localization:
I wrote a comprehensive SQL script with the UNION ALL operator to simultaneously scan all key tables in the database (wp_posts, wp_options, wp_postmeta, wp_termmeta, wp_comments). This allowed for accurate identification of the extent of the infection and finding hidden virus tails.

Content and settings cleanup:
Using targeted SQL REPLACE queries, I completely cleaned the malicious code from the texts of pages and posts while preserving all language versions of the site (Polylang).

Safely removed the infected WooCommerce marketing cache, which contained embedded destructive links, preventing damage to the database structure.

Removal of debris and consequences of the spam attack:
Irrevocably deleted 19 malicious spam pages created by bots.
Completely cleared the comments table of hundreds of spam reviews.

Final quality control (QA):
Conducted a re-audit of the database with my own script. Result — complete zeros across all infection indicators. The database is 100% cleaned. After that, I performed a full cache reset at the plugin and server level to close access to old copies of pages for search bots.

Result:
The site was completely cleared of viruses and spam without losing the functionality of the plugins and Elementor.

All orders, products, and site settings were preserved.

The domain's reputation in search engines (Google) was protected, and the risk of the site being blacklisted was eliminated.

The client received a clean site and a transparent report with the results of the "before/after" check.