About MD Pabel WordPress Malware Removal Expert
Hi, I'm MD Pabel — the person behind every cleanup, every case study, and every email reply on this site. Since July 2018, I've manually cleaned 4,500+ hacked WordPress sites for freelance marketplace clients, agencies, referrals, and direct website owners. mdpabel.com is run entirely by me from Dhaka, Bangladesh — no agency, no team, no white-label reselling.
Who is MD Pabel?
MD Pabel is a WordPress malware removal expert based in Dhaka, Bangladesh. He is an Information & Communication Technology (ICT) graduate of Comilla University and the sole person behind mdpabel.com — not an agency or reseller. Active in WordPress security since July 2018, he specializes in manual cleanup of Japanese SEO spam, fake CAPTCHA malware, .htaccess redirects, database injections, hidden backdoors, and blacklist recovery.
- 4,500+ hacked WordPress sites manually cleaned
- WordPress security specialist since 2018
- ICT graduate · Comilla University, Bangladesh
- Sole operator · no agency, no team, no resellers
- Client work from freelance platforms, agencies, referrals, and direct site owners
- 550+ LeetCode problems solved · published IoT project
Verifiable credentials at a glance
Some credentials are publicly verifiable through the profiles linked further down this page. Cleanup volume comes from years of client work across freelance platforms, agency referrals, and direct projects.
4,500+
Hacked WordPress sites cleaned
2018
Year I started · 8 years of full-time security work
Worldwide
Remote cleanup help for international WordPress site owners
Freelance + direct
Client work through marketplaces, agencies, referrals, and mdpabel.com
ICT
Graduate · Comilla University, Bangladesh
550+
LeetCode problems solved
From one hacked site in 2018 to 4,500+ cleanups
I started freelancing in July 2018, while still studying ICT at Comilla University. My first paid jobs were small — fixing broken plugin conflicts, helping people install themes, troubleshooting forms. Then a client came with a fully hacked WordPress site. Mobile redirects, Google blacklist, hosting suspension warning, the whole stack. I had no playbook, no Sucuri subscription, and no senior engineer to ask. I opened the files in a code editor and started reading.
That single cleanup taught me something that has shaped every job since: automated scanners report what they recognize, but real malware hides specifically in the gaps they can't see. Once you can read PHP and follow what it does at runtime, the "mystery" of a hacked WordPress site disappears. It becomes pattern recognition.
By 2021 I was specializing almost entirely in compromised sites. Each cleanup made the next one faster. By early 2026, the count crossed 4,500 client cleanups — including selected public cases like one site with 3.45 million spam URLs in Google, another with 242,000 Japanese spam pages indexed, and a homepage defacement involving tens of thousands of infected files. I document selected cases publicly so other people facing similar attacks have a real reference, not only a marketing brochure.
mdpabel.com exists for a specific reason. After years of working through marketplace platforms, the friction of those platforms — the communication delays, the inability to send long forensic reports, the inability for past clients to find me again easily — became the biggest blocker to doing the work well. This site fixes that. It's the direct, no-middleman way to find me, verify the work, and continue working together.
Career timeline
The milestones that shaped this work, in order.
- Jul 2018
First WordPress malware cleanup
Took on my first hacked-site cleanup through freelance client work while still an ICT student at Comilla University. No security plugin subscription, no senior engineer to ask — just opened the files in a code editor and started reading. That cleanup defined the next eight years of my work.
- 2022
Graduated from Comilla University
Completed an Information & Communication Technology (ICT) degree from Comilla University, Bangladesh. Final-year research project: a real-time, full-stack IoT-based university bus tracking system, later published on ResearchGate. By this point, freelance malware cleanup had already become the primary work, with the academic foundation supporting it.
- Nov 2023
Expanded to Upwork
After five years of hacked-site work and thousands of cleanups, joined Upwork to reach a different client base. Started with one-off cleanup jobs and quickly grew to long-term security retainers.
- 2024
Built verified Upwork client history
Earned strong client trust on Upwork through consistent technical work, completed cleanup jobs, and long-term security support. Marketplace profiles helped many clients verify my work before contacting me directly.
- 2026
4,500+ client cleanups
Crossed the 4,500-cleanup milestone through years of freelance marketplace work, agency referrals, and direct client projects. Selected high-value cases are documented as forensic case studies or blog posts on mdpabel.com so future clients can review the work and other site owners can understand similar attacks.
Read the code. Find the entry point. Patch the cause.
Many rushed WordPress malware cleanups rely too heavily on a scanner result and delete only the files that are already flagged. That may work for simple infections, but when a site has obfuscated PHP, fake plugins disguised as core, hidden admin users, or cron-job persistence, the real entry point can remain and the site may get re-infected within days.
My approach is the opposite. I read the code first, treat scanner output as one input among many (alongside server access logs, modified-file timestamps, Search Console signals, and database anomalies), and trace the infection back to the entry point. Only then do I clean — and the cleanup includes patching whatever allowed the attack so the same thing can't happen again next week.
That's slower than a one-click cleanup tool. It's also why re-infection is rare for sites I've worked on, and why most of my clients come from referrals rather than ad spend.
The supporting technical foundation — PHP, JavaScript, server internals, MySQL, hosting platforms — exists specifically to make this work possible. You can't read malware you can't read code in general; you can't trace a server-level redirect without understanding access logs; you can't clean a database injection without knowing what the original query was supposed to look like. Everything connects.
Why I publish forensic write-ups for free
Selected cleanups become public case studies and blog posts when they reveal a useful malware pattern. Here's the reason.
Trust before purchase
Most people who land on a WordPress malware removal service are in the worst possible state — site down, money lost, panic-Googling from a phone. They have no time to vet a stranger. Public forensic write-ups let them verify the work before sending the first email.
Field references for site owners
Every cleanup I document is something I wish I'd had as a reference back in 2018. If a site owner reads my Japanese keyword hack guide and fixes their own site without hiring me, that's still a win.
Pattern recognition for me
Writing forces clarity. Documenting a malware family — its file paths, obfuscation patterns, persistence tricks — means the next site infected with the same family takes hours instead of days. Public posts also draw emails from other security researchers who extend my notes.
Anti-marketing, basically
I'd rather a potential client read three real case studies and decide on their own than read a sales page making promises I can't substantiate. Browse the case study archive →
My non-negotiables
Working principles that don't bend, regardless of project size, deadline, or budget.
I never use nulled plugins or themes
Free pirated plugins are how 30% of hacked sites I see got infected in the first place. I won't recommend them, install them, or work on a site that's running them without first removing them.
Important cleanup patterns get documented
When a cleanup reveals a useful malware pattern, I turn it into a public blog post or case study. Client-identifying details are anonymized, but the malware behavior, file paths, and forensic process are documented so other site owners can learn from it.
No black-box proprietary scripts
I don't run mystery scanners on client sites. Every command, every script, and every change is something I can explain line by line. If you ask what I did, you'll get a real answer with file paths and reasoning.
Backup restoration is a last resort
Most 'restored from backup' fixes I see were restored from an already-infected backup. I clean live, document the entry point, and only restore from backup when it's verified clean and necessary.
I work alone — and that is a feature
Every cleanup, every email, every Search Console submission is done by me personally. There's no support tier 1 to escalate from, no junior engineer touching production. That's slower than an agency, but accountability is unambiguous.
Honest scoping over upselling
If your problem is a 5-minute fix, I'll tell you it's a 5-minute fix. I'd rather quote a fair price for actual work than win short-term margin and lose the next ten referrals.
Comilla University, Bangladesh
Bachelor's degree in Information & Communication Technology (ICT) from Comilla University, a public university in Bangladesh. The academic foundation for my work in software systems, debugging, and security-oriented problem solving.
Outside formal education: 550+ LeetCode problems solved across data structures, algorithms, and systems design — kept active as ongoing practice rather than interview prep.
IoT Bus Tracking System
Final-year research project: a real-time, full-stack IoT-based university bus tracking system that solved the practical problem of students at Comilla University never knowing when their bus would arrive. End-to-end build covering hardware, firmware, server, and frontend.
Read on ResearchGate →Verify me yourself
"MD Pabel" is a common name in Bangladesh. The links below are the only profiles I personally own and update. If a profile claims to be me but isn't listed here, it isn't me.
The technical depth behind every cleanup
Malware removal is the specialty. The stack below is what makes the cleanup actually work — reading obfuscated PHP, de-obfuscating malicious JavaScript, querying infected databases, and tracing attacks through server logs all require this foundation.
Frequently asked questions about MD Pabel
About the person — not the service. For service-related questions (pricing, turnaround, guarantees), see the malware removal service page.
Who is MD Pabel?
How can I verify MD Pabel is a real person?
I worked with MD Pabel on a freelancer marketplace years ago. Is this the same person?
Where is MD Pabel based?
Is MD Pabel an agency, a team, or one person?
Why does MD Pabel publish so many forensic case studies and write-ups?
What is MD Pabel’s educational background?
Does MD Pabel only work on WordPress?
How does MD Pabel describe his approach to malware removal?
Site hacked, blacklisted, or broken?
Send me your URL and a short description of what you're seeing. I'll respond personally within 1–2 hours with a free diagnosis and a fixed price — no bait-and-switch, no surprise fees.
Manual cleanup only · 30-day reinfection guarantee · One person, direct contact