← All case studies
HRC Recruitment

Emergency Website Recovery with Peace of Mind

An award-winning company website was compromised by hackers overnight. We took control, sanitised every infected file, and returned the site to service with minimal downtime — then hardened it so it could not happen again.
Young professional programmer

The challenge

HRC Recruitment learned their website had been compromised the way no organisation wants to: from a customer. Visitors were seeing an insecure-connection warning in their browser and being redirected to a foreign-language site that asked for their personal information.

On inspection, the company found it had lost access to its own website, with no direct way to fix the issue. Their hosting provider classed the incident as out of scope and advised hiring a specialist security and recovery service.

That left the business in a difficult position. Beyond the immediate damage to customer trust, the site held personally identifiable information about active clients — so the response had to treat data protection as seriously as restoration.

Our approach

We understand the architecture behind WordPress in detail, so the first call was reassurance — and a plan. We took the website offline behind a temporary holding page carrying the company’s contact details, then worked through a structured recovery:

  • Take an offline backup of the compromised site for examination
  • Audit the WordPress file repository for anomalies — files and code that should not be there
  • Sanitise all malicious code within the repository
  • Check every database table for irregularities and unusual data
  • Rebuild and optimise the database, removing redundant entries
  • Scan the full repository for anything that could allow the attack to recur
  • Update WordPress core to the latest version
  • Remove plugins with known security risks or no clear purpose
  • Apply security hardening with carefully configured tooling
  • Test every page and function locally before redeploying to the client’s server
  • Deliver a full report covering potential data exposure, with recommendations

The source of the breach was clear: a free plugin with flawed code had provided the access point. The original designer had stopped supporting the site, and without updates or maintenance it had grown vulnerable over time — a pattern we see often.

It is also why we recommend a website care plan for any site an organisation depends on: managed updates, monitoring, and security, handled before they become an emergency.

What we delivered

Full Website and Database Backup
Forensic Audit of Infected Files
Sanitisation of All Malicious Code
Database Rebuild and Optimisation
WordPress Core and Directory Update
Security Hardening Against Future Attacks
Removal of 13 Vulnerable, Redundant Plugins
PII Exposure Audit and Client Report

Project details

Sector

Private enterprise

Service

Website Care

Built with

Native WordPress CMS
·
Malware Analysis & Remediation
·
Security Hardening

Year

2022

Results like these start with a conversation about your work.

Book a meeting

Related work

All case studies
asian-sportswoman-using-smart-watch-and-smartphone-during-4436296
Universities
UWS
2022
Battling Long Covid with Adaptive Pacing
Pragmatic
Academic non-profits
PEPAH
2021
Developing a Global Alumni Social Network
Sportswoman tracker
Universities
UWS – Lockdown Lowdown
2021
UK University Assesses the Effects of Lockdown with Fitbit

What we do

The services behind the work.

Website DevelopmentBespoke websites, membership platforms, conference sites, and research-project platforms.Learn more Website CareHosting, maintenance, security, and support on a single plan.Learn more Cloud Productivity ServicesMicrosoft 365 and Google Workspace, set up and managed properly.Learn more AI AugmentationPractical, governed AI woven into the tools your team already uses.Learn more

Know someone who’d benefit from working with us?

If there’s an academic, society, or research organisation you think we could help, introduce us — and take advantage of our generous referral rewards programme.

Refer someone

Start a conversation

Tell us about the work you’re doing.

The best projects start with understanding the academic work behind them. Book a 30-minute call — no pitch deck, no pressure, just a conversation about what you’re trying to do.

Book a meeting
Make an enquiry

Or email [email protected] — we reply within one working day.

Privacy Settings
This website uses cookies to enhance your browsing experience on our website and our services. You may revoke or change your consent settings at any time.

Accept all Essential only