Your Drupal site is defaced, redirecting visitors, white-screening after an update, or just gone. We find what got in, clean it out, and hand back a site that's harder to hit next time.
Search “Drupal restoration” and you mostly get checklists written in 2016 and a couple of scanner subscriptions. Helpful if you have the time and the stomach to do it yourself at 1am. This is the other option: you give us access, we do the recovery, and you get the site back with a written account of what was wrong. We work on Drupal 7, 9, and 10. Drupal 7 is the one we see compromised most, because it went end-of-life in January 2025 and a lot of sites never moved off it.
A redirect script sending your traffic to a pharma page, a defaced front page, injected PHP hiding in a block or the PHP filter module, an admin account in the {users} table you didn't create. We isolate the site, find the entry point, and pull the persistence, not just the visible symptom.
A composer update that half-finished, a module update that white-screened the site, or update.php that errored partway and left the database mid-migration. We get you back to a consistent state, on a staging copy first when the live site still half-works.
A corrupted database, a host that wiped the account, files gone and a backup nobody ever tested. We rebuild from whatever exists, recover the database where we can, and tell you honestly what's recoverable before you pin hopes on it.
Most of what we clean traces back to two things: an unpatched core or module, and no working backup. So every restoration ends with one configured and a patch plan, whether or not you keep us on afterward.
Everything below is in scope on a standard Drupal restoration. We diagnose first and quote the rebuild before any step we can't undo.
You get the site back, plus the paper trail, so you or your next developer aren't guessing about what happened.
Front end and admin back up, content intact, confirmed from outside your network.
What got in, how, what we removed, and what we changed, in plain language.
Versions, what was tampered with, and what still needs patching.
Off-site backups configured and one restore tested, because an untested backup is a guess.
The specific changes that keep this particular site from getting hit the same way.
Recovery starts within hours of getting access. A broken update is often same-day; a full compromise clean-up runs one to three days depending on how deep it went.
You give us host and SSH access. We snapshot everything before touching it, then read the logs and the file tree to find the cause.
Hour 1 — cause identifiedWe isolate the site so it stops redirecting or leaking, confirm every entry point, and scope the clean-up.
Same dayBackdoors removed, tampered files replaced from drupal.org sources, database repaired, content preserved.
Day 1-3Credentials rotated, patches applied, backup configured, incident write-up delivered.
On completionDiagnosis is a flat $390. It includes triage, the root cause, and a written quote for the full restore. Green-light the restore and the $390 rolls into it. A clean broken-update fix is often close to the diagnosis fee; a deep compromise on a large multisite costs more, and you see the number before we start.
If it’s defacing pages, redirecting traffic, or pushing spam as you read this, containment comes first, not paperwork. Reach out and we’ll isolate the site, then diagnose. The longer an injected redirect runs, the more search engines and blocklists notice.
This is the Drupal-specific version of our restoration work. If the same box runs other sites or the compromise reached the server itself, the root-access path is our Linux server recovery. Once the site is clean, the next conversation is usually keeping it that way through our Drupal support, or for an end-of-life Drupal 7 site, moving off it entirely. If you’d rather buy the whole thing as one fixed package, our Drupal rescue bundle wraps the restore, the hardening, and a migration plan together.
We'll triage the same day. Send context, screenshots, error messages — whatever you have. No sales calls, no chatbots.