When a site has been compromised, one of the first practical questions is what cleanup will cost. The range is wide because the situations vary considerably. Here is an honest breakdown.
Simple Malware Removal: $300 to $800
This covers a site where the infection is isolated, the entry point is identifiable, backups are current and clean, and the cleanup is straightforward. The work involves removing the malicious code, patching the vulnerability, verifying file integrity, and confirming the site is clean before bringing it back online.
This scenario assumes the compromise was caught relatively quickly and the damage is contained.
CMS Infection Cleanup: $800 to $2,000
When the infection has spread across multiple files, affected the database, created backdoor accounts, or been running undetected for weeks, the cleanup is more involved. The entry point may require more investigation to identify. File integrity verification takes longer. The database needs to be examined for injected content. Testing after cleanup is more thorough.
This range also applies to sites where the backup situation is uncertain, requiring verification before any restore can happen.
Full Rebuild After Compromise: $2,000 to $6,000 and Up
Some compromises are extensive enough that cleaning the infection is less reliable than starting from a known clean state. This applies when the infection is deep, the backup history is unclear or compromised, or the site has been running malicious code long enough that the scope of the damage is uncertain.
A full rebuild means migrating content to a clean installation, rebuilding the configuration, and verifying that no compromised elements carry over. It is more expensive and more time-consuming, but it is sometimes the only way to be confident the site is actually clean.
The Real Cost Drivers
The dollar ranges above are starting points. What actually determines the final cost:
- How long the compromise went undetected. A site running malicious code for three months is a different situation than one caught within 48 hours.
- Whether clean backups exist and have been verified. Unverified backups add investigation time before any restore can happen.
- Whether the entry point can be identified. Cleaning without finding the entry point means the same vulnerability remains.
- Reputation recovery. If Google flagged the site, getting it removed from Safe Browsing lists and reindexed takes time after cleanup.
- Data exposure. If the site handled customer data, there may be notification requirements and additional review needed.
The Number That Puts This in Context
Monthly maintenance and security monitoring for a small business site runs a fraction of the low end of that cleanup range. The math is consistent across every situation I have seen: cleanup costs more than prevention. The only variable is by how much.
Post 10 in this series covers how to think about security as a budget line rather than an emergency expense.
Need a plan? Book a one-hour strategy session and walk away with a clear direction for your website, security, or digital strategy. All sessions are recorded with full transcription. $250 — Book a Strategy Call
Want to get to know me first? Book a free 15-minute intro call. No pitch, just a conversation. Book a 15-Minute Call
Cybersecurity Series
