Besides our Complete Protection and our Detect then Protect solutions, we offer the service of WordPress Site Cleanup. The service includes a manual review of your WordPress website files, plugins, themes, users and database by one of our skilled engineers.

If you want to test this service, please contact our Sales team if you're a new customer or our Customer Success team if you're an existing customer.

There are two primary methods for submission: the API (preferred) for automation and scale, and through the Monarx Web App for manual, individual site remediation. Below we will explain both ways.

Request a Site Cleanup via our Web App

The Monarx Web App is best suited for "one-off" requests or for support agents who need to review specific detections before authorizing a full cleanup.

Step 1

Step 2

From the left sidebar menu, click on Site Cleanup as shown on the screen capture below.

Step 3

Once on the Site Cleanup page, please click in the + NEW button that is on the top right of the page.

Step 4

A sidebar form will render on the right side of your screen requesting the following fields:

Required fields:

Hostname: This is the name of the server where the website is hosted from. For example: bos-11.examplehosting.com
Public Webroot: This is the full path to the public directory where the website loads from. For example: /home3/username/public_html/fancywebsite.com/
Public URL: This would be the URL used by the website so we can load the site, check for SEO SPAM and to make sure it's not broken after the cleanup. For example: https://www.fancywebsite.com
Notes: This field is used to gather symptoms and details about the infection that is happening on the website. The more specific details the faster we can solve the issue. For example: Website is redirecting to 3rd party websites and there is Japanese SEO Spam in Google Search Results.

Step 5

After the request is submitted, it will show up on the list. Please note that the STATUS field will change as the ticket is reviewed by a Monarx Engineer. The status value can be: Requested, In Progress, Rejected or Completed.

Once the Monarx Engineers start processing the Site Cleanup, the status of the request will change from Requested → In Progress. This means a team member has started to review the infected website and will provide feedback once the analysis and cleanup is completed.
The request will be set to a status of Rejected when any of the following conditions are met:
- We're unable to access the site either due to DNS (expired domain, misspelled domain, domain not pointed to the server, etc) or general HTTP 5xx or 4xx Server Error.
- Our tools are not able to be accessed on this site, For example: if the site is behind Cloudflare and their WAF rules are preventing us from accessing the tools we deploy on the website for our analysis.
- The file path provided on the cleanup is incorrect or does not exist.
The request will be set to a status of Completed when the Monarx Engineers have finished the cleanup of the site and have added feedback upon the activities performed and next steps for the customer.

Requesting a Site Cleanup via our API (preferred)

The API is the recommended method for hosting providers and agencies. It allows for seamless integration into existing support ticket systems or billing portals, reducing manual overhead.

You can find our full API documentation for site-cleanup here.

Key Steps:

1. Make sure Monarx is installed on the server.

2. Request Cleanup

Submit a HTTP POST request to the site-cleanup endpoint. You must provide the site's unique identifier and the target directory (usually the WordPress root).

https://api.monarx.com/v1/enterprise/{enterprise_id}/site-cleanup

Below are the required fields to submit the request.

"agent_id": "string",

"website_url": "https://domain.com/",

"website_docroot": "/path/to/domain.com/public_html/",

"priority": "low",

"note": "string"

enterprise_id. This is the unique id for the enterprise that the request will be associated with.
agent_id. This is the unique value for the Monarx agent that is installed on the shared server where the website is hosted on.
website_url. This is the domain associated with the infected website. Example: https://domain.com
website_docroot. This is the full path for where the infected website is located within the server. For example: /home3/johnjode/public_html/
priority. This can be low, medium, high and critical
note. This is used to provide notes, evidence or symptoms about the infection to help security researchers expedite the request. The more information and context is provided the easier to address customer's questions and concerns. The field is limited to 255 characters.

3. Authentication: All requests must include your X-API-KEY in the header.

4. Async Processing: The API will return a HTTP Response code 201 Created status. The cleanup task is then queued for the Monarx Site Cleanup Queue. Other values responses can be 401 Unauthorized or 403 Forbidden.

5. Status Polling: Use the GET method on the cleanup ID to monitor progress (Requested, In Progress, Rejected, Completed).

https://api.monarx.com/v1/enterprise/{enterprise_id}/site-cleanup/{id}

6. Once the Monarx Engineers start processing the Site Cleanup, the status of the request will change from Requested → In Progress. This means a team member has started to review the infected website and will provide feedback once the analysis and cleanup is completed.

7. The request will be set to a status of Rejected when any of the following conditions are met:

We're unable to access the site either due to DNS (expired domain, misspelled domain, domain not pointed to the server, etc) or general HTTP 5xx or 4xx Server Error.
Our tools are not able to be accessed on this site, For example: if the site is behind Cloudflare and their WAF rules are preventing us from accessing the tools we deploy on the website for our analysis.
The file path provided on the cleanup is incorrect or does not exist.

8. The request will be set to a status of Completed when the Monarx Engineers have finished the cleanup of the site and have added feedback upon the activities performed and next steps for the customer.

Please review the our WordPress Site Cleanup Terms here.

If you have follow-up questions. Do not hesitate to open a new support request.

How to Submit a WordPress Site Cleanup