Two ways forward. Unlock all of Armory Premium and run continuous monitoring, alerts and one-click response yourself — or hand one compromised WordPress site to us and we’ll investigate, clean it and prove exactly what happened.
One site · all features · cancel anytime
Secure checkout via Stripe · license key emailed instantly
A specialist investigates & cleans one compromised site
Secure checkout via Stripe · a specialist starts once payment clears
Not sure which? See how they compare → · Just want the free scanner? Start free →
The free scanner tells you what happened. Premium turns Armory into a standing watch — so you catch the next compromise as it starts and can prove it.
Re-baseline on a schedule and get alerted the moment a file is added, changed or deleted — no manual scans.
Watch every administrator login, IP, device and session in real time and flag anything unfamiliar.
A running feed of inbound request signatures hitting your site so you see probing before it lands.
Match files, domains and patterns against known indicators of compromise to confirm a hit fast.
Lock the site down and quarantine suspect files in one click — deliberate, reversible actions you control.
An incident timeline plus timestamped ZIP/CSV evidence bundles you can hand to your host or your report.
Audit authentication hooks and capability changes attackers use to keep a quiet foothold.
Summarise findings and suspicious code so you know what matters first, not just a wall of alerts.
If a site is hacked and you don’t want to dig through it yourself, hand it to a specialist. For a single site we investigate end-to-end, remove the attacker’s foothold, harden the way they got in, and give you a clear, timestamped record of what happened — and a year of Armory Premium so it doesn’t happen again unnoticed.
Self-serve, instant, and activated right inside WordPress.
Click Get Premium and pay securely through Stripe — $49/year, cancel anytime.
Your license key lands in your inbox instantly, with activation instructions.
Paste the key in WP Admin under Armory Security → License & Plan.
Monitoring, alerts and one-click response switch on immediately.
Buy Premium ($49/year) if you want every Armory feature on your own sites — monitoring, alerts, hardening and evidence export you run yourself. Hire the specialist ($250, one site) if a site is compromised right now and you want us to investigate and clean it for you. The specialist service includes a year of Premium on that site.
Everything in the free scanner plus the response and monitoring layer: scheduled baselines and drift alerts, real-time admin-account and session monitoring, a live attack feed, IOC matching, one-click hardening, quarantine, the incident timeline and timestamped evidence bundles.
Premium is $49/year for one site, billed securely through Stripe — cancel anytime. After checkout your license key is emailed instantly; activate it from WP Admin under Armory Security → License & Plan.
A hands-on forensic investigation of one compromised WordPress site: we baseline and diff your files, hunt web-shells and obfuscated PHP, find hidden admins and persistence (rogue routes, cron, mu-plugins), remove the foothold, harden the site, and hand you a timestamped evidence report of exactly what happened — plus a year of Armory Premium on that site.
Use “Request emergency help” to tell us what you’re seeing. We scope the work, confirm it’s a single site, and send you a secure payment link — then we get to work.
Armory is forensics-first and read-only by default — it captures evidence before anything changes. Hardening, quarantine and lockdown are explicit, reversible actions, and during the specialist service we keep a full timestamped record of every step.
Run every feature yourself for $49/year, or get a specialist on one compromised site today.