WordPress support
When WordPress ends up in the hands of too many providers, the problem is no longer just technical: it's a chain of offloaded responsibilities. A badly updated plugin, shared hosting pulled to the limit, a theme full of patches, backups never verified.
I intervene on the precise point: malware, redirects, admin crashes, conflicts, slowness, SSL, permissions, database. First we isolate the damage, then restore, close the hole and leave a readable trace of what was done.
No agency theater. No six-handed meetings. Diagnosis, intervention, final check. Period.
01 — Awareness
WordPress doesn't break by itself
Usually it gets broken by hand-offs, accumulated plugins, and hosting chosen out of inertia.
- 01
Malicious redirects
The site looks online, but takes users and search engines to suspicious content. Meanwhile Google flags problems, reputation drops, and nobody knows where the infection started.
- 02
Plugins out of control
Page builders, addons, cache plugins, security plugins, plugins to fix other plugins. At some point one update is enough and admin, front-end or checkout breaks.
- 03
Chronic slowness
TTFB over three seconds, pages exceeding five seconds, dirty database and heavy queries. It's not the visitor's fault. It's WordPress left to grow without control.
02 — What you get
6 features
- 01
Tracked malware cleanup
Removal of infected files, malicious redirects, suspicious users, backdoors and code inserted in the worst spots. The site gets restored starting from evidence, not from blind attempts.
- 02
Serious security hardening
Firewall, 2FA, file permissions, editor lockdown, login limitations and checks on sensitive areas. WordPress doesn't become invincible, but it stops being wide open.
- 03
Isolated plugin conflicts
Analysis of plugins, theme, PHP logs and browser console to understand who breaks what. We intervene on the real conflict, without disabling half the site hoping it passes.
- 04
Real performance tuning
Cache, slow queries, heavy autoload, dirty tables, cron out of control and badly loaded assets. Slowness isn't masked by adding another plugin: it's measured and corrected.
- 05
Readable security audit
Check of access, plugins, theme, permissions, server configuration, HTTPS, backups and compromise signals. The report says what's critical, what's fragile, what to do.
- 06
Clean SSL migration
Switch to HTTPS with mixed content verification, redirects, canonicals, images, forms and external calls. No broken padlock, no pages losing resources along the way.
03 — How I work
5 phases
- 01
Discovery call
30 free minutes to understand the real need. I listen, ask questions, take notes. No cold quotes: I need to know what you're actually building first.
- 02
Quote
Flat fee with clear scope, timeline and costs. No surprises: if something falls out of scope I tell you upfront, not when the invoice lands.
- 03
Design / Strategy
Wireframes, moodboard or audit with action plan — depends on the service. You see the direction before any code or content gets touched.
- 04
Build
Development, technical work or operational execution. Agreed check-ins along the way, none of that "let's sync end of month".
- 05
Launch & follow-up
Go-live + 30 days of assistance included. Documentation, training if needed, and an open door for the small things later.
04 — AFTER INTERVENTION
WordPress has to be closed, not just put back online
Putting a compromised WordPress back online is the easy part. The useful part is preventing it from returning identical to the starting point: same plugins left there, same saturated shared hosting, same forgotten admin accounts, same badly written permissions. After cleanup, recovery or tuning, the work expands where needed: hardening, backup verification, plugin review, HTTPS, database, logs, cache and access. If multiple providers are involved, we cut the noise: who manages hosting, who manages domain, who touches WordPress, who has credentials. Six-handed chains produce technical blame-passing. I leave a more readable, more closed site, with clear priorities for what comes next. You decide.
05 - What you get
Deliverables
| No. | Deliverable | Format | Timing |
|---|---|---|---|
| 01 | WordPress admin hardening | Config report | day 1 |
| 02 | Plugin audit | PDF report | day 1 |
| 03 | Malware cleanup if needed | Fix log | on-demand |
| 04 | Configured backups | Backup job | day 1-2 |
| 05 | WAF and firewall | Security config | day 2 |
| 06 | Performance audit | Lighthouse + log | day 2 |
| 07 | Recovery plan | .md | post-fix |
| 08 | Correct file permissions | Server config | post-fix |
| 09 | Intervention report | PDF report | post-fix |
| 10 | Basic management training | Meet + .md | post-fix |
08 - Free audit · 15 minutes
Is your WordPress compromised?
I check plugins, admin, redirects, backups and compromise signals. 15 minutes on Meet, diagnosis before panic.
No obligation - reply within 24h
09 — Frequently asked questions
6 answers
The questions I hear all the time.
My WordPress site shows strange redirects: what do I do right now?
First thing: don't update plugins at random and don't install more security plugins in a panic. What's needed is to block unnecessary access and verify files, database, admin users, cron, .htaccess and theme. If the site sends traffic to suspicious pages, treat it as compromised until proven otherwise.
Can you recover a hacked WordPress site without rebuilding from scratch?
Often yes, but it depends on the real state of files, database and available backups. Rebuilding everything is the last choice, not the first. First we look for the compromise, remove backdoors and fake accounts, restore correct files and close weak access points.
A plugin broke admin or front-end: how do you intervene?
We start from logs, debug mode, PHP version, active theme and plugin list. Then we isolate the conflict without dismantling the entire site in front of clients. The point isn't finding a convenient culprit, but understanding which combination creates the error and how to correct it.
The site is slow even with a cache plugin: why?
Because cache doesn't cure slow queries, bloated database, weak hosting, runaway cron, oversized images, or plugins loading assets everywhere. If TTFB is high, the problem is often before the browser. It needs to be measured server-side, database-side and WordPress-side, not masked.
What does the security audit really check?
It checks users, roles, plugins, theme, file permissions, WordPress configuration, HTTPS, backups, security headers, exposed endpoints and compromise signals. It's not a decorative list. It exists to understand where the site is fragile and which interventions have technical priority.
After the intervention, is the site protected forever?
No. Whoever promises eternal protection on WordPress is selling air. After the intervention the site is more closed, clean and controllable, but it stays a living system: plugins, theme, PHP, hosting and access change. Sensible maintenance and less improvisation are needed.
10 - Start here?
Ready to start?
A 30-minute call to figure out what's actually needed. No PowerPoint.