Running a WordPress membership site comes with its own unique challenges – managing users, gated content, subscriptions, and security. When that site gets hacked, it’s not just your content at risk – it’s your reputation, revenue, and member trust.
In this case study, we’ll walk you through how WP Hosting NZ (Red Jet) helped a New Zealand-based membership business recover from a serious WordPress hack – restoring operations within 24 hours and preventing it from happening again.
👩‍💼 The Client
A Wellington-based professional association offering premium training and certification resources to hundreds of paid members. Their site:
- Used MemberPress to manage content access and subscriptions
- Integrated with Stripe for recurring payments
- Contained hundreds of downloadable PDFs and video content
- Ran on a popular theme with several third-party plugins
⚠️ The Problem
The client contacted us after noticing:
- Multiple member login failures
- Reports of strange redirects from users
- Slow admin dashboard and unexplained errors
- A sudden dip in Google traffic
- A warning email from Google Search Console about malicious scripts detected
🕵️ Step 1: Immediate Triage
As soon as we got access, we:
- Put the site in maintenance mode to protect users
- Cloned the site to a secure staging environment for investigation
- Ran scans using Wordfence, WPScan, and server-level tools
🔍 What We Found:
- Multiple hidden admin users created by the attacker
- Obfuscated PHP code in the /wp-content/uploads folder
- Modified functions.php file injecting malicious redirects
- Outdated plugins and themes with known vulnerabilities
- A backdoor allowing remote file uploads
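One way to check for the second finding above (PHP code in the /wp-content/uploads folder), as an added example that is not Red Jet's tooling or part of the original case study. The marker patterns, function names, and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions PHP handlers commonly execute; none belong in a media folder.
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Constructs typical of obfuscated PHP (heuristic list, chosen for this example).
MARKERS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)", re.I),
    "long-base64-literal": re.compile(rb"['\"][A-Za-z0-9+/=]{200,}['\"]"),
    "php-tag-in-non-php-file": re.compile(rb"<\?php", re.I),
}

def scan_uploads(root):
    """Return {relative_path: [reasons]} for suspicious files under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read(1_000_000)  # first 1 MB is enough for a heuristic
            is_php = bool(PHP_EXT.search(name))
            reasons = ["executable-extension"] if is_php else []
            for label, rx in MARKERS.items():
                if label == "php-tag-in-non-php-file" and is_php:
                    continue  # a PHP tag is only notable outside .php files
                if rx.search(data):
                    reasons.append(label)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def demo():
    """Build a constructed uploads tree and scan it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "2024", "05"))
    samples = {  # constructed sample files, not taken from the incident
        "2024/05/guide.pdf": b"%PDF-1.7 constructed sample",
        "2024/05/cache.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        "2024/05/logo.png": b"\x89PNG\r\n<?php /* constructed */ ?>",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(body)
    return scan_uploads(root)

if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, reasons)
```

A hit is a lead for manual review, not proof of compromise, and a clean result does not rule out a backdoor elsewhere in the file system.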
🧹 Step 2: Clean-Up & Recovery
We launched a full-scale clean-up, in which we:
- Removed all suspicious code and users
- Reinstalled fresh versions of core, theme, and plugins
- Manually audited database and .htaccess file
- Scanned the full file system for backdoors and shells
- Rotated all user passwords and secret keys in wp-config.php
💾 We also:
- Verified clean backups were available
- Restored critical content and custom configurations
- Re-enabled payments and ensured Stripe webhook integrity
🔐 Step 3: Locking It Down
After recovery, we immediately hardened the site:
- Enabled 2FA for all admins
- Limited login attempts and renamed the login URL
- Installed and configured Wordfence (included in all our plans)
- Set up automatic plugin/theme updates with manual oversight
- Blocked XML-RPC access
- Deployed Redis object caching to improve admin performance
🔒 The client was back online and fully functional in less than 24 hours.
💬 What the Client Said
“Red Jet not only cleaned up our hacked site, they explained every step clearly and made our system stronger than it was before. We didn’t lose a single member account, and our traffic fully recovered in under a week.”
— Operations Manager, NZ-based Membership Org
🎯 Key Takeaways
- Membership sites are prime targets – due to login systems and recurring payments
- Hacked sites can lose SEO rankings, revenue, and customer trust
- Fast, expert-led recovery can minimise damage and restore operations quickly
- Prevention is better than cure – proactive updates, security plugins, and backups are essential
🛠 Need Help Recovering Your Site?
At WP Hosting NZ, we’ve helped dozens of NZ businesses recover from hacked WordPress sites, from blogs to ecommerce to complex membership platforms.
We offer:
✅ WordPress hacked site repair
✅ Free security audits and risk assessments
✅ Managed hosting with Wordfence, Redis, and WP Rocket included
✅ Ongoing performance tuning and update management
