Starter Offer: WordPress Malware Cleanup From $89 Claim on WhatsApp →

Verified WordPress Security Specialist · Dhaka, Bangladesh

About MD Pabel WordPress Malware Removal Expert

Hi, I'm MD Pabel — the person behind every cleanup, every case study, and every email reply on this site. Since July 2018, I've manually cleaned 4,500+ hacked WordPress sites for clients across 60% of the world. mdpabel.com is run entirely by me from Dhaka, Bangladesh — no agency, no team, no white-label reselling.

Hire Me Directly See Malware Removal Service
Quick Answer

Who is MD Pabel?

MD Pabel is a WordPress malware removal expert based in Dhaka, Bangladesh. He is an Information & Communication Technology (ICT) graduate of Comilla University and the sole person behind mdpabel.com — not an agency, reseller, or marketplace front. Active in WordPress security since July 2018, he specializes in manual cleanup of Japanese SEO spam, fake CAPTCHA malware, .htaccess redirects, database injections, hidden backdoors, and blacklist recovery.

  • 4,500+ hacked WordPress sites manually cleaned
  • Full-time WordPress security specialist since 2018
  • ICT graduate · Comilla University, Bangladesh
  • Sole operator · no agency, no team, no resellers
  • Clients across 60% of the world
  • 550+ LeetCode problems solved · published IoT researcher

Verifiable credentials at a glance

Every number below is verifiable through the public profiles linked further down this page.

4,500+

Hacked WordPress sites cleaned

2018

Year I started · 8 years of full-time security work

60%

Of the world reached · clients on every continent

Top Rated

Verified Upwork status since 2024

ICT

Graduate · Comilla University, Bangladesh

550+

LeetCode problems solved

The story

From one hacked site in 2018 to 4,500+ cleanups

I started freelancing in July 2018, while still studying ICT at Comilla University. My first paid jobs were small — fixing broken plugin conflicts, helping people install themes, troubleshooting forms. Then a client showed up with a fully hacked WordPress site. Mobile redirects, Google blacklist, hosting suspension warning, the whole stack. I had no playbook, no Sucuri subscription, and no senior engineer to ask. I opened the files in a code editor and started reading.

That single cleanup taught me something that has shaped every job since: automated scanners report what they recognize, but real malware hides specifically in the gaps they can't see. Once you can read PHP and follow what it does at runtime, the "mystery" of a hacked WordPress site disappears. It becomes pattern recognition.

By 2021 I was specializing almost entirely in compromised sites. Each cleanup made the next one faster. By early 2026, the count crossed 4,500 — including one site with 3.45 million spam URLs in Google, another with 242,000 Japanese spam pages indexed, and a homepage defacement involving 33,771 infected files. Each one is documented as a public case study so other people facing similar attacks have a real reference, not a marketing brochure.

mdpabel.com exists for a specific reason. After years of working through marketplace platforms, the friction of those platforms — the communication delays, the inability to send long forensic reports, the inability for past clients to find me again easily — became the biggest blocker to doing the work well. This site fixes that. It's the direct, no-middleman way to find me, verify the work, and continue working together.

Career timeline

The milestones that shaped this work, in order.

  1. Jul 2018

    First WordPress malware cleanup

    Took on my first hacked-site cleanup as a Fiverr freelancer while still an ICT student at Comilla University. No security plugin subscription, no senior engineer to ask — just opened the files in a code editor and started reading. That cleanup defined the next eight years of my work.

  2. 2022

    Graduated from Comilla University

    Completed an Information & Communication Technology (ICT) degree from Comilla University, Bangladesh. Final-year research project: a real-time, full-stack IoT-based university bus tracking system, later published on ResearchGate. By this point, freelance malware cleanup had already become the primary work, with the academic foundation supporting it.

  3. Nov 2023

    Expanded to Upwork

    After five years of hacked-site work and thousands of cleanups, joined Upwork to reach a different client base. Started with one-off cleanup jobs and quickly grew to long-term security retainers.

  4. 2024

    Earned Top Rated on Upwork

    Reached Top Rated status through consistent technical work and high client satisfaction. Top Rated is awarded based on long-term success score, completion rate, and client feedback — not just hours billed.

  5. 2026

    4,500+ documented cleanups

    Crossed the 4,500-cleanup milestone, with clients across 60% of the world. By this point, every notable cleanup is documented as a forensic case study or blog post on mdpabel.com — partly so future clients can verify the work, and partly so other site owners facing the same attack have a real reference instead of a marketing page.

How I think about this work

Read the code. Find the entry point. Patch the cause.

Most "WordPress malware removal" services on the web are essentially a Wordfence or Sucuri scan plus a database flush. That works for the simplest infections — the ones the scanners already know — but the moment you're dealing with obfuscated PHP, fake plugins disguised as core, hidden admin users, or cron-job persistence, the signature engine misses it and the site gets re-infected within days.

My approach is the opposite. I read the code first, treat scanner output as one input among many (alongside server access logs, modified-file timestamps, Search Console signals, and database anomalies), and trace the infection back to the entry point. Only then do I clean — and the cleanup includes patching whatever allowed the attack so the same thing can't happen again next week.

That's slower than a one-click cleanup tool. It's also why re-infection is rare for sites I've worked on, and why most of my clients come from referrals rather than ad spend.

The supporting technical foundation — PHP, JavaScript, server internals, MySQL, hosting platforms — exists specifically to make this work possible. You can't read malware you can't read code in general; you can't trace a server-level redirect without understanding access logs; you can't clean a database injection without knowing what the original query was supposed to look like. Everything connects.

Content philosophy

Why I publish forensic write-ups for free

Roughly half of the cleanups I work on become public case studies and blog posts. Here's the reason.

Trust before purchase

Most people who land on a WordPress malware removal service are in the worst possible state — site down, money lost, panic-Googling from a phone. They have no time to vet a stranger. Public forensic write-ups let them verify the work before sending the first email.

Field references for site owners

Every cleanup I document is something I wish I'd had as a reference back in 2018. If a site owner reads my Japanese keyword hack guide and fixes their own site without hiring me, that's still a win.

Pattern recognition for me

Writing forces clarity. Documenting a malware family — its file paths, obfuscation patterns, persistence tricks — means the next site infected with the same family takes hours instead of days. Public posts also draw emails from other security researchers who extend my notes.

Anti-marketing, basically

I'd rather a potential client read three real case studies and decide on their own than read a sales page making promises I can't substantiate. Browse the case study archive →

My non-negotiables

Working principles that don't bend, regardless of project size, deadline, or budget.

I never use nulled plugins or themes

Free pirated plugins are how 30% of hacked sites I see got infected in the first place. I won't recommend them, install them, or work on a site that's running them without first removing them.

Every cleanup gets documented

Roughly half of my cleanups become a public blog post or case study. Clients' identifying details are always anonymized, but the malware patterns, file paths, and forensic process go public so other site owners can learn from them.

No black-box proprietary scripts

I don't run mystery scanners on client sites. Every command, every script, and every change is something I can explain line by line. If you ask what I did, you'll get a real answer with file paths and reasoning.

Backup restoration is a last resort

Most 'restored from backup' fixes I see were restored from an already-infected backup. I clean live, document the entry point, and only restore from backup when it's verified clean and necessary.

I work alone — and that is a feature

Every cleanup, every email, every Search Console submission is done by me personally. There's no support tier 1 to escalate from, no junior engineer touching production. That's slower than an agency, but accountability is unambiguous.

Honest scoping over upselling

If your problem is a 5-minute fix, I'll tell you it's a 5-minute fix. I'd rather quote a fair price for actual work than win short-term margin and lose the next ten referrals.

Education

Comilla University, Bangladesh

Bachelor's degree in Information & Communication Technology (ICT) from Comilla University, a public university in Bangladesh. The academic foundation for my work in software systems, debugging, and security-oriented problem solving.

Outside formal education: 550+ LeetCode problems solved across data structures, algorithms, and systems design — kept active as ongoing practice rather than interview prep.

Published research

IoT Bus Tracking System

Final-year research project: a real-time, full-stack IoT-based university bus tracking system that solved the practical problem of students at Comilla University never knowing when their bus would arrive. End-to-end build covering hardware, firmware, server, and frontend.

Read on ResearchGate →
Identity verification

Verify me yourself

"MD Pabel" is a common name in Bangladesh. The links below are the only profiles I personally own and update. If a profile claims to be me but isn't listed here, it isn't me.

LinkedIn
linkedin.com/in/mdpabe1
GitHub
github.com/mdpabel
LeetCode · 550+ solved
leetcode.com/u/mdpabel
ResearchGate
IoT Bus Tracking publication
Facebook Business Page
fb.com/mdpabelwpsecurity
Instagram
instagram.com/md_pabell
Past clients: if you worked with me on a freelance marketplace any time between 2018 and now and want to continue working directly, mdpabel.com is the right place. The writing style, technical depth, and case studies on this site should match what you remember.

The technical depth behind every cleanup

Malware removal is the specialty. The stack below is what makes the cleanup actually work — reading obfuscated PHP, de-obfuscating malicious JavaScript, querying infected databases, and tracing attacks through server logs all require this foundation.

WordPress core internals
PHP
JavaScript
TypeScript
Node.js
MySQL / SQL
cPanel / Plesk
Cloudflare
SiteGround
Bluehost
Linux server logs
.htaccess / Nginx
React
Next.js
Astro
Python

Frequently asked questions about MD Pabel

About the person — not the service. For service-related questions (pricing, turnaround, guarantees), see the malware removal service page.

Who is MD Pabel?
MD Pabel is a WordPress malware removal expert based in Dhaka, Bangladesh. He has been manually cleaning hacked WordPress sites since July 2018 and is the sole person behind mdpabel.com — not an agency, white-label reseller, or marketplace front. He graduated in Information & Communication Technology (ICT) from Comilla University and specializes in Japanese SEO spam, fake CAPTCHA malware, .htaccess redirects, database injections, hidden backdoors, and blacklist recovery.
How can I verify MD Pabel is a real person?
Cross-reference the verifiable public profiles linked on this page: LinkedIn (linkedin.com/in/mdpabe1), GitHub (github.com/mdpabel), LeetCode (leetcode.com/u/mdpabel — 550+ problems solved), the ResearchGate publication on a university IoT project, and the Facebook business page mdpabelwpsecurity. All of these point to the same person and are owned and updated by him.
I worked with MD Pabel on a freelancer marketplace years ago. Is this the same person?
Yes. mdpabel.com is the direct way to continue working with him outside of marketplace platforms. Past clients can verify identity by matching the writing style, the technical depth in case studies, and any specific cleanups they remember — most are documented on the blog and case-studies sections.
Where is MD Pabel based?
Dhaka, Bangladesh. Time zone is Bangladesh Standard Time (UTC+6). Most clients are in the US, UK, Europe, and Australia, so emergency cleanups are typically picked up within 1–2 hours of contact regardless of which time zone the client is in.
Is MD Pabel an agency, a team, or one person?
One person. There are no junior engineers, no support tiers, no white-label subcontracting. Every cleanup, every Google Search Console submission, every blog post, and every email reply is done by MD Pabel personally. This is slower than an agency in raw throughput but means responsibility is unambiguous on every job.
Why does MD Pabel publish so many forensic case studies and write-ups?
Two reasons. First, transparency — anyone considering hiring him can read documented cleanups before contacting, instead of relying on marketing pages. Second, education — most WordPress site owners discover their site is hacked at the worst possible moment and need to understand what's happening fast. Public forensic write-ups help them either fix it themselves or hire someone competent.
What is MD Pabel’s educational background?
Bachelor’s degree in Information & Communication Technology (ICT) from Comilla University, Bangladesh. Final-year research focused on a real-time, full-stack IoT-based university bus tracking system, published on ResearchGate. Outside formal education, has solved 550+ LeetCode problems for ongoing algorithmic and systems practice.
Does MD Pabel only work on WordPress?
WordPress malware removal is the primary specialty and the focus of mdpabel.com. The supporting technical foundation — PHP, JavaScript, TypeScript, Node.js, MySQL, server logs, and hosting platforms — exists specifically to make the malware work deeper. WordPress is roughly 95% of the work; the remaining 5% is typically forensic JavaScript analysis, server-level cleanup on non-WordPress hosts, and occasional full-stack development consulting.
How does MD Pabel describe his approach to malware removal?
Read the code, don't trust the scanner. Find the entry point, not just the symptom. Patch the vulnerability that allowed the attack, not just the visible payload. Document everything so the same attack pattern is easier to recognize next time. Treat each site as the client's livelihood, not a ticket number.
Work with one specialist, not a marketplace

Site hacked, blacklisted, or broken?

Send me your URL and a short description of what you're seeing. I'll respond personally within 1–2 hours with a free diagnosis and a fixed price — no bait-and-switch, no surprise fees.

Start cleanup now See pricing

Manual cleanup only · 30-day reinfection guarantee · One person, direct contact